forked from extern/egroupware
Working on fixing serialize() with encryption, seems to work on 3.0.16
This commit is contained in:
parent
0c5e127b53
commit
19a79c9735
@ -53,9 +53,13 @@
|
||||
$phpgw_info_temp["user"]["preferences"] = $phpgw_info["user"]["preferences"];
|
||||
$phpgw_info_temp["user"]["kp3"] = ""; // We don't want it anywhere in the
|
||||
// database for security.
|
||||
|
||||
$db->query("update phpgw_sessions set session_info='" . $phpgw->crypto->encrypt($phpgw_info_temp)
|
||||
. "' where session_id='" . $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
|
||||
if ($PHP_VERSION < "4.0.0") {
|
||||
$info_string = addslashes($phpgw->crypto->encrypt($phpgw_info_temp));
|
||||
} else {
|
||||
$info_string = $phpgw->crypto->encrypt($phpgw_info_temp);
|
||||
}
|
||||
$db->query("update phpgw_sessions set session_info='$info_string' where session_id='"
|
||||
. $phpgw_info["user"]["sessionid"] . "'",__LINE__,__FILE__);
|
||||
}
|
||||
|
||||
function add_app($appname,$rebuild = False)
|
||||
|
@ -89,9 +89,8 @@
|
||||
$encrypteddata = mcrypt_generic($this->td, $data);
|
||||
}
|
||||
}
|
||||
|
||||
$encrypteddata = bin2hex($encrypteddata);
|
||||
return $encrypteddata;
|
||||
return $encrypteddata;
|
||||
} else { // No mcrypt == insecure !
|
||||
return $data;
|
||||
}
|
||||
|
@ -32,9 +32,10 @@
|
||||
$db = $phpgw->db;
|
||||
$db2 = $phpgw->db;
|
||||
|
||||
$phpgw->common->key = $kp3;
|
||||
$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
|
||||
$phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv);
|
||||
// PHP 3 complains that these are not defined when the already are defined.
|
||||
@$phpgw->common->key = $kp3;
|
||||
@$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"];
|
||||
$phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv);
|
||||
|
||||
$db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__);
|
||||
$db->next_record();
|
||||
@ -77,8 +78,9 @@
|
||||
if (! $phpgw_info["user"]["userid"] ) {
|
||||
return False;
|
||||
} else {
|
||||
$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
|
||||
$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
|
||||
// PHP 3 complains that these are not defined when the already are defined.
|
||||
@$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"];
|
||||
@$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"];
|
||||
return True;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user