mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-10 16:08:34 +01:00
"fixed problem with lost password in session, when using session encryption"
This commit is contained in:
parent
a1a5d156a9
commit
d7f5835422
@ -224,8 +224,6 @@ class egw_session
|
|||||||
}
|
}
|
||||||
self::set_cookiedomain();
|
self::set_cookiedomain();
|
||||||
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
|
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
|
||||||
|
|
||||||
self::decrypt();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function __wakeup()
|
function __wakeup()
|
||||||
@ -301,10 +299,10 @@ class egw_session
|
|||||||
{
|
{
|
||||||
foreach(self::$egw_session_vars as $name)
|
foreach(self::$egw_session_vars as $name)
|
||||||
{
|
{
|
||||||
if (isset($_SESSION[$name]) && !is_array($_SESSION[$name]))
|
if (isset($_SESSION[$name]) && $_SESSION[$name])
|
||||||
{
|
{
|
||||||
//error_log(__METHOD__."() 'decrypting' session var: $name");
|
$_SESSION[$name] = unserialize($s = trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name])));
|
||||||
$_SESSION[$name] = unserialize(trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name])));
|
//error_log(__METHOD__."() 'decrypting' session var: gettype(_SESSION[$name]) = ".gettype($_SESSION[$name]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -476,6 +474,7 @@ class egw_session
|
|||||||
$GLOBALS['egw_info']['user'] = $this->user;
|
$GLOBALS['egw_info']['user'] = $this->user;
|
||||||
|
|
||||||
$this->appsession('password','phpgwapi',base64_encode($this->passwd));
|
$this->appsession('password','phpgwapi',base64_encode($this->passwd));
|
||||||
|
|
||||||
if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi'))
|
if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi'))
|
||||||
{
|
{
|
||||||
$this->session_flags = 'A';
|
$this->session_flags = 'A';
|
||||||
@ -1006,7 +1005,6 @@ class egw_session
|
|||||||
* @param string $location free lable to store the data
|
* @param string $location free lable to store the data
|
||||||
* @param string $appname='' default current application (egw_info[flags][currentapp])
|
* @param string $appname='' default current application (egw_info[flags][currentapp])
|
||||||
* @param mixed $data='##NOTHING##' if given, data to store, if not specified
|
* @param mixed $data='##NOTHING##' if given, data to store, if not specified
|
||||||
* @todo enable session encryption again, but with the whole session data at once, not every single value, which would also solve mcrypts padding problem
|
|
||||||
* @return mixed session data or false if no data stored for $appname/$location
|
* @return mixed session data or false if no data stored for $appname/$location
|
||||||
*/
|
*/
|
||||||
public static function &appsession($location = 'default', $appname = '', $data = '##NOTHING##')
|
public static function &appsession($location = 'default', $appname = '', $data = '##NOTHING##')
|
||||||
@ -1015,19 +1013,31 @@ class egw_session
|
|||||||
{
|
{
|
||||||
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
$appname = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
}
|
}
|
||||||
//error_log(__METHOD__."($location,$appname,$data)");
|
|
||||||
|
|
||||||
// allow to store eg. '' as the value.
|
// allow to store eg. '' as the value.
|
||||||
if ($data === '##NOTHING##')
|
if ($data === '##NOTHING##')
|
||||||
{
|
{
|
||||||
// do not decrypt and return if no data (decrypt returning garbage)
|
|
||||||
if(isset($_SESSION[self::EGW_APPSESSION_VAR][$appname]) && array_key_exists($location,$_SESSION[self::EGW_APPSESSION_VAR][$appname]))
|
if(isset($_SESSION[self::EGW_APPSESSION_VAR][$appname]) && array_key_exists($location,$_SESSION[self::EGW_APPSESSION_VAR][$appname]))
|
||||||
{
|
{
|
||||||
return $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];
|
$ret =& $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$ret = false;
|
||||||
}
|
}
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
return $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data;
|
else
|
||||||
|
{
|
||||||
|
$_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data;
|
||||||
|
$ret =& $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];
|
||||||
|
}
|
||||||
|
if (self::$errorlog_debug === 'appsession')
|
||||||
|
{
|
||||||
|
error_log(__METHOD__."($location,$appname,$data) === ".(is_scalar($ret) && strlen($ret) < 50 ?
|
||||||
|
(is_bool($ret) ? ($ret ? '(bool)true' : '(bool)false') : $ret) :
|
||||||
|
(strlen($r = array2string($ret)) < 50 ? $r : substr($r,0,50).' ...')));
|
||||||
|
}
|
||||||
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user