forked from extern/egroupware
re-added session encryption:
- it now also encrypts the egw object and egw_info array, stored in the session - it no longer encrypts every egw_session::appsession() call, but the whole array at once when the egw_session object gets destroyed - mcrypt algo and mode are currently hardcoded to tripledes and ecb, as we dont have the database connection, when they are needed. You can add it as egw_info[server][mcrypt_{algo|mode}] in the header.inc.php - fixed a bug, which let the session grow around 400k(!) each request - if mcrypt or the selected algo/mode is not availible the session encryption is switched off automatic, but an error is logged
This commit is contained in:
parent
29af6786d1
commit
94da0682cd
@ -1,299 +0,0 @@
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* eGroupWare API - Crypto *
|
||||
* This file written by Joseph Engo <jengo@phpgroupware.org> *
|
||||
* Handles encrypting strings based on various encryption schemes *
|
||||
* Copyright (C) 2000, 2001 Dan Kuykendall *
|
||||
* -------------------------------------------------------------------------*
|
||||
* This library is part of the eGroupWare API *
|
||||
* http://www.egroupware.org/api *
|
||||
* -------------------------------------------------------------------------*
|
||||
* This library is free software; you can redistribute it and/or modify it *
|
||||
* under the terms of the GNU Lesser General Public License as published by *
|
||||
* the Free Software Foundation; either version 2.1 of the License, *
|
||||
* or any later version. *
|
||||
* This library is distributed in the hope that it will be useful, but *
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of *
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
|
||||
* See the GNU Lesser General Public License for more details. *
|
||||
* You should have received a copy of the GNU Lesser General Public License *
|
||||
* along with this library; if not, write to the Free Software Foundation, *
|
||||
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
|
||||
\**************************************************************************/
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
class crypto
|
||||
{
|
||||
var $enabled = False;
|
||||
var $debug = False;
|
||||
|
||||
var $mcrypt_version = '';
|
||||
var $algo = MCRYPT_TRIPLEDES;
|
||||
var $mode = MCRYPT_MODE_CBC;
|
||||
var $td = False; /* Handle for mcrypt */
|
||||
var $iv = '';
|
||||
var $key = '';
|
||||
|
||||
function crypto($vars='')
|
||||
{
|
||||
if($GLOBALS['egw_info']['flags']['currentapp'] == 'login' ||
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] == 'logout' ||
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] == 'home'
|
||||
)
|
||||
{
|
||||
$this->debug = False;
|
||||
}
|
||||
if(is_array($vars))
|
||||
{
|
||||
$this->init($vars);
|
||||
}
|
||||
}
|
||||
|
||||
function init($vars)
|
||||
{
|
||||
/* _debug_array(mcrypt_list_algorithms()); */
|
||||
$key = $vars[0];
|
||||
$iv = $vars[1];
|
||||
|
||||
if($GLOBALS['egw_info']['server']['mcrypt_enabled'] && extension_loaded('mcrypt'))
|
||||
{
|
||||
if($GLOBALS['egw_info']['server']['mcrypt_algo'])
|
||||
{
|
||||
$this->algo = $GLOBALS['egw_info']['server']['mcrypt_algo'];
|
||||
}
|
||||
if($GLOBALS['egw_info']['server']['mcrypt_mode'])
|
||||
{
|
||||
$this->mode = $GLOBALS['egw_info']['server']['mcrypt_mode'];
|
||||
}
|
||||
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>crypto: algorithm=' . $this->algo;
|
||||
echo '<br>crypto: mode =' . $this->mode;
|
||||
}
|
||||
|
||||
$this->enabled = True;
|
||||
$this->mcrypt_version = $GLOBALS['egw_info']['server']['versions']['mcrypt'];
|
||||
if($this->mcrypt_version == 'old')
|
||||
{
|
||||
$this->td = False;
|
||||
if(phpversion() > '4.0.2pl1')
|
||||
{
|
||||
$keysize = mcrypt_get_key_size($this->algo);
|
||||
$ivsize = mcrypt_get_iv_size($this->algo,$this->mode);
|
||||
}
|
||||
else
|
||||
{
|
||||
$keysize = 8;
|
||||
$ivsize = 8;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Start up mcrypt */
|
||||
$this->td = mcrypt_module_open($this->algo, '', $this->mode, '');
|
||||
|
||||
$ivsize = mcrypt_enc_get_iv_size($this->td);
|
||||
$keysize = mcrypt_enc_get_key_size($this->td);
|
||||
}
|
||||
|
||||
/* Hack IV to be the correct size */
|
||||
$x = strlen($iv);
|
||||
$this->iv = '';
|
||||
for($i = 0; $i < $ivsize; $i++)
|
||||
{
|
||||
$this->iv .= $iv[$i % $x];
|
||||
}
|
||||
|
||||
/* Hack Key to be the correct size */
|
||||
$x = strlen($key);
|
||||
$this->key = '';
|
||||
for($i = 0; $i < $keysize; $i++)
|
||||
{
|
||||
$this->key .= $key[$i % $x];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* If mcrypt isn't loaded, key and iv are not needed. */
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>crypto: mycrypt unavailable or disabled';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function cleanup()
|
||||
{
|
||||
if($this->enabled)
|
||||
{
|
||||
if($this->mcrypt_version != 'old')
|
||||
{
|
||||
if(function_exists('mcrypt_generic_deinit'))
|
||||
{
|
||||
mcrypt_generic_deinit($this->td);
|
||||
}
|
||||
else
|
||||
{
|
||||
mcrypt_generic_end($this->td);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function hex2bin($data)
|
||||
{
|
||||
$len = strlen($data);
|
||||
return pack('H'.$len, $data);
|
||||
}
|
||||
|
||||
function encrypt($data)
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() unencrypted data: ---->>>>' . $data . "\n";
|
||||
}
|
||||
|
||||
if(@is_array($data) || @is_object($data))
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() found an "' . gettype($data) . '". Serializing...' . "\n";
|
||||
}
|
||||
$data = serialize($data);
|
||||
$_obj = True;
|
||||
}
|
||||
else
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() found "' . gettype($data) . '". No serialization...' . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
/* Disable all encryption if the admin didn't set it up */
|
||||
if($this->enabled)
|
||||
{
|
||||
if($_obj)
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() adding slashes' . "\n";
|
||||
}
|
||||
$data = addslashes($data);
|
||||
}
|
||||
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() data: ---->>>>' . $data;
|
||||
}
|
||||
|
||||
switch($this->mcrypt_version)
|
||||
{
|
||||
case 'old':
|
||||
/* The old code, only works with mcrypt <= 2.2.x */
|
||||
$encrypteddata = mcrypt_cbc($this->algo, $this->key, $data, MCRYPT_ENCRYPT);
|
||||
break;
|
||||
default:
|
||||
/* Handle 2.4 and newer API */
|
||||
mcrypt_generic_init($this->td, $this->key, $this->iv);
|
||||
$encrypteddata = mcrypt_generic($this->td, $data);
|
||||
break;
|
||||
}
|
||||
$encrypteddata = bin2hex($encrypteddata);
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() crypted data: ---->>>>' . $encrypteddata;
|
||||
}
|
||||
return $encrypteddata;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* No mcrypt == insecure ! */
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->encrypt() crypted data: ---->>>>' . $data;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
}
|
||||
|
||||
function decrypt($encrypteddata)
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() crypted data: ---->>>>' . $encrypteddata;
|
||||
}
|
||||
/* Disable all encryption if the admin didn't set it up */
|
||||
if($this->enabled)
|
||||
{
|
||||
$data = $this->hex2bin($encrypteddata);
|
||||
switch($this->mcrypt_version)
|
||||
{
|
||||
case 'old':
|
||||
/* The old code, only works with mcrypt <= 2.2.x */
|
||||
$data = mcrypt_cbc($this->algo, $this->key, $data, MCRYPT_DECRYPT);
|
||||
break;
|
||||
default:
|
||||
/* Handle 2.4 and newer API */
|
||||
mcrypt_generic_init($this->td, $this->key, $this->iv);
|
||||
$data = mdecrypt_generic($this->td, $data);
|
||||
break;
|
||||
}
|
||||
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() decrypted data: ---->>>>' . $data;
|
||||
}
|
||||
$test = stripslashes($data);
|
||||
if(@unserialize($test))
|
||||
{
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() stripping slashes' . "\n";
|
||||
}
|
||||
$data = $test;
|
||||
}
|
||||
unset($test);
|
||||
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() data: ---->>>>' . $data . "\n";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* No mcrypt == insecure ! */
|
||||
$data = $encrypteddata;
|
||||
}
|
||||
|
||||
// Fix strange bug
|
||||
// Without this, somes ^@^@^@^@ appears in data
|
||||
$data = chop($data);
|
||||
|
||||
$newdata = @unserialize($data);
|
||||
/* Check whether an array or object exists, even if empty. These should be the only ones originally serialized. */
|
||||
if(@is_array($newdata) || @is_object($newdata))
|
||||
{
|
||||
/* array or object */
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() found serialized "' . gettype($newdata) . '". Unserializing...' . "\n";
|
||||
echo '<br>' . time() . ' crypto->decrypt() returning: '; _debug_array($newdata);
|
||||
}
|
||||
return $newdata;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Other types */
|
||||
if($this->debug)
|
||||
{
|
||||
echo '<br>' . time() . ' crypto->decrypt() found UNserialized "' . gettype($data) . '". No unserialization...' . "\n";
|
||||
echo '<br>' . time() . ' crypto->decrypt() returning: ' . $data;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
}
|
||||
} // class crypto
|
||||
?>
|
@ -467,12 +467,6 @@ class egw extends egw_minimal
|
||||
{
|
||||
ExecMethod('phpgwapi.asyncservice.check_run','fallback');
|
||||
}
|
||||
/* Clean up mcrypt */
|
||||
if (isset($this->crypto))
|
||||
{
|
||||
$this->crypto->cleanup();
|
||||
unset($this->crypto);
|
||||
}
|
||||
$this->db->disconnect();
|
||||
}
|
||||
}
|
||||
|
@ -20,6 +20,16 @@
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
// some constants for pre php4.3
|
||||
if (!defined('PHP_SHLIB_SUFFIX'))
|
||||
{
|
||||
define('PHP_SHLIB_SUFFIX',$is_windows ? 'dll' : 'so');
|
||||
}
|
||||
if (!defined('PHP_SHLIB_PREFIX'))
|
||||
{
|
||||
define('PHP_SHLIB_PREFIX',PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '');
|
||||
}
|
||||
|
||||
/**
|
||||
* eGW session handling
|
||||
*
|
||||
@ -29,7 +39,7 @@
|
||||
* which implement custom session handler or certain extra functionality, like eg. listing sessions,
|
||||
* not available in php's session extension.
|
||||
*/
|
||||
class egw_session //extends sessions
|
||||
class egw_session
|
||||
{
|
||||
/**
|
||||
* key of eGW's session-data in $_SESSION
|
||||
@ -41,6 +51,23 @@ class egw_session //extends sessions
|
||||
*/
|
||||
const EGW_APPSESSION_VAR = 'egw_app_session';
|
||||
|
||||
/**
|
||||
* key of eGW's required files in $_SESSION
|
||||
*
|
||||
* These files get set by egw_db and egw class, for classes which get not autoloaded (eg. ADOdb, idots_framework)
|
||||
*/
|
||||
const EGW_REQUIRED_FILES = 'egw_required_files';
|
||||
|
||||
/**
|
||||
* key of eGW's egw_info cached in $_SESSION
|
||||
*/
|
||||
const EGW_INFO_CACHE = 'egw_info_cache';
|
||||
|
||||
/**
|
||||
* key of eGW's egw object cached in $_SESSION
|
||||
*/
|
||||
const EGW_OBJECT_CACHE = 'egw_object_cache';
|
||||
|
||||
/**
|
||||
* Name of cookie or get-parameter with session-id
|
||||
*/
|
||||
@ -103,20 +130,6 @@ class egw_session //extends sessions
|
||||
*/
|
||||
var $kp3;
|
||||
|
||||
/**
|
||||
* encryption key for the encrption of the session-data, if enabled
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
var $key;
|
||||
|
||||
/**
|
||||
* mcrypt's iv
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
var $iv;
|
||||
|
||||
/**
|
||||
* name of XML-RPC/SOAP method called
|
||||
*
|
||||
@ -143,7 +156,7 @@ class egw_session //extends sessions
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
var $save_session_vars_start;
|
||||
var $required_files;
|
||||
|
||||
/**
|
||||
* Constructor just loads up some defaults from cookies
|
||||
@ -152,7 +165,7 @@ class egw_session //extends sessions
|
||||
*/
|
||||
function __construct(array $domain_names=null)
|
||||
{
|
||||
$this->save_session_vars_start = $_SESSION;
|
||||
$this->required_files = $_SESSION[self::EGW_REQUIRED_FILES];
|
||||
|
||||
$this->sessionid = $_REQUEST[self::EGW_SESSION_NAME];
|
||||
$this->kp3 = $_REQUEST['kp3'];
|
||||
@ -211,11 +224,134 @@ class egw_session //extends sessions
|
||||
}
|
||||
self::set_cookiedomain();
|
||||
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
|
||||
|
||||
self::decrypt();
|
||||
}
|
||||
|
||||
function __wakeup()
|
||||
{
|
||||
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
|
||||
ini_set('session.gc_maxlifetime', $GLOBALS['egw_info']['server']['sessions_timeout']);
|
||||
}
|
||||
|
||||
function __destruct()
|
||||
{
|
||||
/* foreach($GLOBALS['egw'] as $name => &$value)
|
||||
{
|
||||
$len = strlen(serialize($value));
|
||||
if ($len > 1000) error_log(__METHOD__."() strlen($name)=$len, diff=".($len-(int)$_SESSION['lens'][$name]));
|
||||
$_SESSION['lens'][$name] = $len;
|
||||
if ($name == 'session')
|
||||
{
|
||||
foreach($value as $n => &$v)
|
||||
{
|
||||
$len = strlen(serialize($v));
|
||||
if ($len > 1000) error_log(__METHOD__."() strlen(session->$n)=$len, diff=".($len-(int)$_SESSION['lens-sess'][$n]));
|
||||
$_SESSION['lens-sess'][$n] = $len;
|
||||
}
|
||||
}
|
||||
}*/
|
||||
self::encrypt($this->kp3);
|
||||
}
|
||||
|
||||
/**
|
||||
* Keys of session variables which get encrypted
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
static $egw_session_vars = array(
|
||||
//self::EGW_SESSION_VAR, no need to encrypt and required by the session list
|
||||
self::EGW_APPSESSION_VAR,
|
||||
self::EGW_INFO_CACHE,
|
||||
self::EGW_OBJECT_CACHE,
|
||||
);
|
||||
|
||||
static $mcrypt;
|
||||
|
||||
/**
|
||||
* Encrypt the variables in the session
|
||||
*
|
||||
* Is called by self::__destruct().
|
||||
*/
|
||||
static function encrypt($kp3)
|
||||
{
|
||||
if (self::init_crypt($kp3))
|
||||
{
|
||||
foreach(self::$egw_session_vars as $name)
|
||||
{
|
||||
if (isset($_SESSION[$name]))
|
||||
{
|
||||
$_SESSION[$name] = mcrypt_generic(self::$mcrypt,serialize($_SESSION[$name]));
|
||||
//error_log(__METHOD__."() 'encrypting' session var: $name, len=".strlen($_SESSION[$name]));
|
||||
}
|
||||
}
|
||||
mcrypt_generic_deinit(self::$mcrypt);
|
||||
self::$mcrypt = null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt the variables in the session
|
||||
*
|
||||
* Is called by self::init_handler from phpgwapi/inc/functions.inc.php (called from the header.inc.php)
|
||||
* before the restore of the eGW enviroment takes place, so that the whole thing can be encrypted
|
||||
*/
|
||||
static function decrypt()
|
||||
{
|
||||
if (self::init_crypt($_REQUEST['kp3']))
|
||||
{
|
||||
foreach(self::$egw_session_vars as $name)
|
||||
{
|
||||
if (isset($_SESSION[$name]) && !is_array($_SESSION[$name]))
|
||||
{
|
||||
//error_log(__METHOD__."() 'decrypting' session var: $name");
|
||||
$_SESSION[$name] = unserialize(trim(mdecrypt_generic(self::$mcrypt,$_SESSION[$name])));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if session encryption is configured, possible and initialise it
|
||||
*
|
||||
* @param string $kp3 mcrypt key transported via cookie or get parameter like the session id,
|
||||
* unlike the session id it's not know on the server, so only the client-request can decrypt the session!
|
||||
* @param string $algo='tripledes'
|
||||
* @param string $mode='ecb'
|
||||
* @return boolean true if encryption is used, false otherwise
|
||||
*/
|
||||
static private function init_crypt($kp3,$algo='tripledes',$mode='ecb')
|
||||
{
|
||||
if(!$GLOBALS['egw_info']['server']['mcrypt_enabled'])
|
||||
{
|
||||
return false; // session encryption is switched off
|
||||
}
|
||||
if ($GLOBALS['egw_info']['currentapp'] == 'syncml' || !$kp3)
|
||||
{
|
||||
$kp3 = 'staticsyncmlkp3'; // syncml has no kp3!
|
||||
}
|
||||
if (is_null(self::$mcrypt))
|
||||
{
|
||||
if (!extension_loaded('mcrypt') && (!function_exists('dl') || !@dl(PHP_SHLIB_PREFIX.'mcrypt'.'.'.PHP_SHLIB_SUFFIX)))
|
||||
{
|
||||
error_log(__METHOD__."() required PHP extension mcrypt not loaded and can not be loaded, sessions get NOT encrypted!");
|
||||
return false;
|
||||
}
|
||||
if (!(self::$mcrypt = mcrypt_module_open($algo, '', $mode, '')))
|
||||
{
|
||||
error_log(__METHOD__."() could not mcrypt_module_open(algo='$algo','',mode='$mode',''), sessions get NOT encrypted!");
|
||||
return false;
|
||||
}
|
||||
$iv_size = mcrypt_enc_get_iv_size(self::$mcrypt);
|
||||
$iv = !isset($GLOBALS['egw_info']['server']['mcrypt_iv']) || strlen($GLOBALS['egw_info']['server']['mcrypt_iv']) < $iv_size ?
|
||||
mcrypt_create_iv ($iv_size, MCRYPT_RAND) : substr($GLOBALS['egw_info']['server']['mcrypt_iv'],0,$iv_size);
|
||||
|
||||
if (mcrypt_generic_init(self::$mcrypt,$kp3, $iv) < 0)
|
||||
{
|
||||
error_log(__METHOD__."() could not initialise mcrypt, sessions get NOT encrypted!");
|
||||
return self::$mcrypt = false;
|
||||
}
|
||||
}
|
||||
return is_resource(self::$mcrypt);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -314,16 +450,11 @@ class egw_session //extends sessions
|
||||
session_regenerate_id(true);
|
||||
}
|
||||
$this->sessionid = $no_session ? 'no-session' : session_id();
|
||||
$this->kp3 = md5($GLOBALS['egw']->common->randomstring(15));
|
||||
$this->kp3 = $GLOBALS['egw']->common->randomstring(24);
|
||||
|
||||
unset($GLOBALS['egw_info']['server']['default_domain']); // we kill this for security reasons
|
||||
|
||||
// init the crypto object
|
||||
$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['egw_info']['server']['encryptkey']);
|
||||
$this->iv = $GLOBALS['egw_info']['server']['mcrypt_iv'];
|
||||
$GLOBALS['egw']->crypto->init(array($this->key,$this->iv));
|
||||
|
||||
$this->read_repositories(false);
|
||||
$this->read_repositories();
|
||||
if ($GLOBALS['egw']->accounts->is_expired($this->user))
|
||||
{
|
||||
if(is_object($GLOBALS['egw']->log))
|
||||
@ -343,7 +474,6 @@ class egw_session //extends sessions
|
||||
}
|
||||
|
||||
$GLOBALS['egw_info']['user'] = $this->user;
|
||||
$GLOBALS['egw_info']['hooks'] = $this->hooks;
|
||||
|
||||
$this->appsession('password','phpgwapi',base64_encode($this->passwd));
|
||||
if ($GLOBALS['egw']->acl->check('anonymous',1,'phpgwapi'))
|
||||
@ -414,14 +544,11 @@ class egw_session //extends sessions
|
||||
private function register_session($login,$user_ip,$now,$session_flags)
|
||||
{
|
||||
// restore session vars set before session was started
|
||||
if ($this->save_session_vars_start && is_array($this->save_session_vars_start))
|
||||
if (is_array($this->require_files))
|
||||
{
|
||||
foreach($this->save_session_vars_start as $name => &$value)
|
||||
{
|
||||
//error_log(__METHOD__."() added $name=".array2string($value));
|
||||
$_SESSION[$name] =& $value;
|
||||
}
|
||||
unset($this->save_session_vars_start);
|
||||
$_SESSION[self::EGW_REQUIRED_FILES] = !is_array($_SESSION[self::EGW_REQUIRED_FILES]) ? $this->required_files :
|
||||
array_unique(array_merge($_SESSION[self::EGW_REQUIRED_FILES],$this->required_files));
|
||||
unset($this->require_files);
|
||||
}
|
||||
$_SESSION[self::EGW_SESSION_VAR] = array(
|
||||
'session_id' => $this->sessionid,
|
||||
@ -602,14 +729,9 @@ class egw_session //extends sessions
|
||||
|
||||
$GLOBALS['egw_info']['user']['account_id'] = $this->account_id;
|
||||
|
||||
// init the crypto object before appsession call below
|
||||
$this->key = md5($this->kp3 . $this->sessionid . @$GLOBALS['egw_info']['server']['encryptkey']);
|
||||
$this->iv = $GLOBALS['egw_info']['server']['mcrypt_iv'];
|
||||
$GLOBALS['egw']->crypto->init(array($this->key,$this->iv));
|
||||
|
||||
if ($fill_egw_info_and_repositories)
|
||||
{
|
||||
$this->read_repositories($GLOBALS['egw_info']['server']['cache_phpgw_info']);
|
||||
$this->read_repositories();
|
||||
}
|
||||
|
||||
if ($this->user['expires'] != -1 && $this->user['expires'] < time())
|
||||
@ -630,7 +752,6 @@ class egw_session //extends sessions
|
||||
if ($fill_egw_info_and_repositories)
|
||||
{
|
||||
$GLOBALS['egw_info']['user'] = $this->user;
|
||||
$GLOBALS['egw_info']['hooks'] = $this->hooks;
|
||||
|
||||
$GLOBALS['egw_info']['user']['session_ip'] = $session['session_ip'];
|
||||
$GLOBALS['egw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi'));
|
||||
@ -902,11 +1023,11 @@ class egw_session //extends sessions
|
||||
// do not decrypt and return if no data (decrypt returning garbage)
|
||||
if(isset($_SESSION[self::EGW_APPSESSION_VAR][$appname]) && array_key_exists($location,$_SESSION[self::EGW_APPSESSION_VAR][$appname]))
|
||||
{
|
||||
return /*$GLOBALS['egw']->crypto->decrypt(*/$_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];//);
|
||||
return $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location];
|
||||
}
|
||||
return false;
|
||||
}
|
||||
return $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data; //$GLOBALS['egw']->crypto->encrypt($data);
|
||||
return $_SESSION[self::EGW_APPSESSION_VAR][$appname][$location] =& $data;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1098,8 +1219,6 @@ class egw_session //extends sessions
|
||||
$this->user['account_lid'] = $this->account_lid;
|
||||
$this->user['userid'] = $this->account_lid;
|
||||
$this->user['passwd'] = @$this->passwd;
|
||||
|
||||
$this->hooks = $GLOBALS['egw']->hooks->read();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1162,6 +1281,12 @@ class egw_session //extends sessions
|
||||
}
|
||||
ini_set('session.use_cookies',0); // disable the automatic use of cookies, as it uses the path / by default
|
||||
session_name(self::EGW_SESSION_NAME);
|
||||
if ($_REQUEST[egw_session::EGW_SESSION_NAME])
|
||||
{
|
||||
session_id($_REQUEST[egw_session::EGW_SESSION_NAME]);
|
||||
session_start();
|
||||
egw_session::decrypt();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -50,7 +50,7 @@ if (!isset($GLOBALS['egw_info']['flags']['currentapp']))
|
||||
echo '!!! PLEASE CORRECT THIS SITUATION !!!</b></p>';
|
||||
}
|
||||
|
||||
include_once(EGW_API_INC.'/common_functions.inc.php');
|
||||
require_once(EGW_API_INC.'/common_functions.inc.php');
|
||||
|
||||
// init eGW's sessions-handler
|
||||
egw_session::init_handler();
|
||||
@ -58,30 +58,25 @@ egw_session::init_handler();
|
||||
// check if we can restore the eGW enviroment from the php-session
|
||||
if ($_REQUEST[egw_session::EGW_SESSION_NAME])
|
||||
{
|
||||
ini_set('session.use_cookies',0);
|
||||
session_name(egw_session::EGW_SESSION_NAME);
|
||||
session_id($_REQUEST[egw_session::EGW_SESSION_NAME]);
|
||||
session_start();
|
||||
|
||||
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && $GLOBALS['egw_info']['flags']['currentapp'] != 'logout')
|
||||
{
|
||||
if (is_array($_SESSION['egw_info_cache']) && $_SESSION['egw_object_cache'] && $_SESSION['egw_required_files'])
|
||||
if (is_array($_SESSION[egw_session::EGW_INFO_CACHE]) && $_SESSION[egw_session::EGW_OBJECT_CACHE] && $_SESSION[egw_session::EGW_REQUIRED_FILES])
|
||||
{
|
||||
// marking the context as restored from the session, used by session->verify to not read the data from the db again
|
||||
$GLOBALS['egw_info']['flags']['restored_from_session'] = true;
|
||||
|
||||
// restoring the egw_info-array
|
||||
$GLOBALS['egw_info'] = array_merge($_SESSION['egw_info_cache'],array('flags' => $GLOBALS['egw_info']['flags']));
|
||||
$GLOBALS['egw_info'] = array_merge($_SESSION[egw_session::EGW_INFO_CACHE],array('flags' => $GLOBALS['egw_info']['flags']));
|
||||
|
||||
// include required class-definitions
|
||||
if (is_array($_SESSION['egw_required_files'])) // all classes, which can not be autoloaded
|
||||
if (is_array($_SESSION[egw_session::EGW_REQUIRED_FILES])) // all classes, which can not be autoloaded
|
||||
{
|
||||
foreach($_SESSION['egw_required_files'] as $file)
|
||||
foreach($_SESSION[egw_session::EGW_REQUIRED_FILES] as $file)
|
||||
{
|
||||
require_once($file);
|
||||
}
|
||||
}
|
||||
$GLOBALS['egw'] = unserialize($_SESSION['egw_object_cache']);
|
||||
$GLOBALS['egw'] = unserialize($_SESSION[egw_session::EGW_OBJECT_CACHE]);
|
||||
|
||||
if (is_object($GLOBALS['egw']))
|
||||
{
|
||||
@ -95,17 +90,17 @@ if ($_REQUEST[egw_session::EGW_SESSION_NAME])
|
||||
unset($GLOBALS['egw']);
|
||||
$GLOBALS['egw_info'] = array('flags'=>$GLOBALS['egw_info']['flags']);
|
||||
unset($GLOBALS['egw_info']['flags']['restored_from_session']);
|
||||
unset($_SESSION['egw_info_cache']);
|
||||
unset($_SESSION['egw_required_files']);
|
||||
unset($_SESSION['egw_object_cache']);
|
||||
unset($_SESSION[egw_session::EGW_INFO_CACHE]);
|
||||
unset($_SESSION[egw_session::EGW_REQUIRED_FILES]);
|
||||
unset($_SESSION[egw_session::EGW_OBJECT_CACHE]);
|
||||
}
|
||||
//echo "<p>could not restore egw_info and the egw-object!!!</p>\n";
|
||||
}
|
||||
else // destroy the session-cache if called by login or logout
|
||||
{
|
||||
unset($_SESSION['egw_info_cache']);
|
||||
unset($_SESSION['egw_required_files']);
|
||||
unset($_SESSION['egw_object_cache']);
|
||||
unset($_SESSION[egw_session::EGW_INFO_CACHE]);
|
||||
unset($_SESSION[egw_session::EGW_REQUIRED_FILES]);
|
||||
unset($_SESSION[egw_session::EGW_OBJECT_CACHE]);
|
||||
}
|
||||
}
|
||||
print_debug('sane environment','messageonly','api');
|
||||
@ -135,8 +130,8 @@ if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && !$GLOBALS['egw_inf
|
||||
// saving the the egw_info array and the egw-object in the session
|
||||
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login')
|
||||
{
|
||||
$_SESSION['egw_info_cache'] = $GLOBALS['egw_info'];
|
||||
unset($_SESSION['egw_info_cache']['flags']); // dont save the flags, they change on each request
|
||||
$_SESSION[egw_session::EGW_INFO_CACHE] = $GLOBALS['egw_info'];
|
||||
unset($_SESSION[egw_session::EGW_INFO_CACHE]['flags']); // dont save the flags, they change on each request
|
||||
|
||||
$_SESSION['egw_object_cache'] = serialize($GLOBALS['egw']);
|
||||
$_SESSION[egw_session::EGW_OBJECT_CACHE] = serialize($GLOBALS['egw']);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user