From ab36b7bb856ac0e60877f2005413d27301a1b3ce Mon Sep 17 00:00:00 2001
From: jengo <jengo@alumni.egroupware.org>
Date: Tue, 20 Feb 2001 06:50:36 +0000
Subject: [PATCH] Fixed appsessions() not returning the users password
 correctly

---
 phpgwapi/inc/class.sessions.inc.php | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php
index 2adfeb3aa7..86f52d89c9 100644
--- a/phpgwapi/inc/class.sessions.inc.php
+++ b/phpgwapi/inc/class.sessions.inc.php
@@ -179,7 +179,8 @@
 		{
 			global $phpgw_info, $phpgw;
 
-			$this->login = $login;
+			$this->login  = $login;
+			$this->passwd = $passwd;
 			$this->clean_sessions();
 			$login_array = explode('@', $login);
 			$this->account_lid = $login_array[0];
@@ -250,7 +251,7 @@
 			}
 
 			// If they are not useing cache, we need to store it somewhere
-			$this->passwd = $this->appsession('password','phpgwapi',$passwd);
+			$this->appsession('password','phpgwapi',$this->passwd);
 
 			$phpgw->db->query("insert into phpgw_sessions values ('" . $this->sessionid
 								. "','".$login."','" . $this->getuser_ip() . "','"
@@ -357,10 +358,13 @@
 				." and app = '".$appname."' and location = '".$location."'";
 	
 				$phpgw->db->query($query,__LINE__,__FILE__);
-				
 				$phpgw->db->next_record();
+
+				// I added these into seperate steps for easier debugging
 				$data = $phpgw->db->f('content');
-				#$data = $phpgw->common->decrypt($data);
+				$data = $phpgw->common->decrypt($data);
+				$data = stripslashes($data);
+
 				return $data;
 			} else {
 				$phpgw->db->query("select content from phpgw_app_sessions where "
@@ -368,23 +372,23 @@
 				. "and app = '".$appname."' and location = '".$location."'",__LINE__,__FILE__);
 				
 				if ($phpgw->db->num_rows()==0) {
-	#				some how the next line is not working correctly! knecke
-	#				$data = addslashes($phpgw->crypto->encrypt(serialize($data)));
-					$data = addslashes(serialize($data));
+
+					// I added these into seperate steps for easier debugging
+					$data = serialize($data);
+					$data = $phpgw->crypto->encrypt($data);
+
 					$phpgw->db->query("INSERT INTO phpgw_app_sessions (sessionid,loginid,app,location,content) "
 					. "VALUES ('".$this->sessionid."','".$this->account_id."','".$appname
 					. "','".$location."','".$data."')",__LINE__,__FILE__);
 				} else {
-	# 				some how the next line is not working correctly! knecke
-	# 				$data = addslashes($phpgw->crypto->encrypt(serialize($data)));
-					$data = addslashes(serialize($data));
+	 				$data = $phpgw->crypto->encrypt(serialize($data));
 					$phpgw->db->query("update phpgw_app_sessions set content = '".$data."'"
 					. "where sessionid = '".$this->sessionid."'"
 					. "and loginid = '".$this->account_id."' and app = '".$appname."'"
 					. "and location = '".$location."'",__LINE__,__FILE__);
 				}
 	
-				return $data;
+				return unserialize($data);
 			}
 		}