holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Started converting the code to encrypt the session_info field, and it now uses kp3 properly. This needs to be tested

Browse Source
This commit is contained in:
jengo 2000-12-29 09:00:52 +00:00
parent 4985bb1605
commit 0c5e127b53
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/phpgw_accounts_shared.inc.php
View File

@ -54,7 +54,7 @@
$phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the $phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
// database for security. // database for security.
$db->query("update phpgw_sessions set session_info='" . addslashes(serialize($phpgw_info_temp)) $db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp)
. "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__); . "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
} }

10
phpgwapi/inc/phpgw_session.inc.php
View File

@ -32,6 +32,10 @@
$db = $phpgw->db; $db = $phpgw->db;
$db2 = $phpgw->db; $db2 = $phpgw->db;
$phpgw->common->key = $kp3;
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
$db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__); $db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
$db->next_record(); $db->next_record();
@ -53,7 +57,7 @@
$phpgw_info["user"]["kp3"] = $kp3; $phpgw_info["user"]["kp3"] = $kp3;
$phpgw_info_flags = $phpgw_info["flags"]; $phpgw_info_flags = $phpgw_info["flags"];
$phpgw_info = unserialize($db->f("session_info")); $phpgw_info = $phpgw->crypto->decrypt($db->f("session_info"));
$phpgw_info["flags"] = $phpgw_info_flags; $phpgw_info["flags"] = $phpgw_info_flags;
@ -113,11 +117,11 @@
$phpgw_info["user"]["sessionid"] = md5($phpgw->common->randomstring(10)); $phpgw_info["user"]["sessionid"] = md5($phpgw->common->randomstring(10));
$phpgw_info["user"]["kp3"] = md5($phpgw->common->randomstring(15)); $phpgw_info["user"]["kp3"] = md5($phpgw->common->randomstring(15));
$phpgw->common->key = $phpgw_info["server"]["encryptkey"]; $phpgw->common->key = $phpgw_info["user"]["kp3"];
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; $phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv); $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
$phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd); //$phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd);
if ($phpgw_info["server"]["usecookies"]) { if ($phpgw_info["server"]["usecookies"]) {
Setcookie("sessionid",$phpgw_info["user"]["sessionid"]); Setcookie("sessionid",$phpgw_info["user"]["sessionid"]);