From c16da3e05b80e4a85fdaa74121baa659bb752350 Mon Sep 17 00:00:00 2001 From: skeeter Date: Fri, 29 Dec 2000 19:40:09 +0000 Subject: [PATCH] fix for crypto and password --- phpgwapi/inc/phpgw.inc.php | 13 ++++++------- phpgwapi/inc/phpgw_accounts_shared.inc.php | 2 +- phpgwapi/inc/phpgw_session.inc.php | 16 +++++++++------- 3 files changed, 16 insertions(+), 15 deletions(-) diff --git a/phpgwapi/inc/phpgw.inc.php b/phpgwapi/inc/phpgw.inc.php index 8184ea1f0f..46938a5c02 100644 --- a/phpgwapi/inc/phpgw.inc.php +++ b/phpgwapi/inc/phpgw.inc.php @@ -59,12 +59,6 @@ { global $phpgw,$phpgw_info; - $phpgw->common->key = $phpgw_info["server"]["encryptkey"]; - $phpgw->common->key .= $phpgw_info["user"]["sessionid"]; - $phpgw->common->key .= $phpgw_info["user"]["kp3"]; - $phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; - $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv); - if ($phpgw_info["flags"]["enable_categories_class"]) { include($phpgw_info["server"]["api_inc"] . "/phpgw_categories.inc.php"); $phpgw->categories = new categories; @@ -152,11 +146,17 @@ while($this->db->next_record()) { $phpgw_info["server"][$this->db->f("config_name")] = $this->db->f("config_value"); } + } else { + $this->db->query("select config_value from config where config_name='encryptkey'",__LINE__,__FILE__); + $this->db->next_record(); + $phpgw_info["server"]["encryptkey"] = $this->db->f("config_value"); } /**************************************************************************\ * Continue adding the classes * \**************************************************************************/ + $this->common = new common; + if ($phpgw_info["flags"]["currentapp"] == "login") { /* Load selected authentication class */ if (empty($phpgw_info["server"]["auth_type"])){$phpgw_info["server"]["auth_type"] = "sql";} @@ -191,7 +191,6 @@ } $this->accounts = new accounts; $this->translation = new translation; - $this->common = new common; $this->acl = new acl; $this->hooks = new hooks; diff --git a/phpgwapi/inc/phpgw_accounts_shared.inc.php b/phpgwapi/inc/phpgw_accounts_shared.inc.php index e4ff0dd32f..3b1f54f0ec 100644 --- a/phpgwapi/inc/phpgw_accounts_shared.inc.php +++ b/phpgwapi/inc/phpgw_accounts_shared.inc.php @@ -197,7 +197,7 @@ class preferences { - var $account_id; + var $account_id = 0; var $preferences; function preferences($account_id) diff --git a/phpgwapi/inc/phpgw_session.inc.php b/phpgwapi/inc/phpgw_session.inc.php index 81483dedc0..85adfe71f8 100644 --- a/phpgwapi/inc/phpgw_session.inc.php +++ b/phpgwapi/inc/phpgw_session.inc.php @@ -33,9 +33,11 @@ $db2 = $phpgw->db; // PHP 3 complains that these are not defined when the already are defined. - @$phpgw->common->key = $kp3; - @$phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; - $phpgw->crypto = new crypto(@$phpgw->common->key,@$phpgw->common->iv); + $phpgw->common->key = $phpgw_info["server"]["encryptkey"]; + $phpgw->common->key .= $sessionid; + $phpgw->common->key .= $kp3; + $phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; + $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv); $db->query("select * from phpgw_sessions where session_id='$sessionid'",__LINE__,__FILE__); $db->next_record(); @@ -79,8 +81,6 @@ return False; } else { // PHP 3 complains that these are not defined when the already are defined. - @$phpgw->preferences->preferences = $phpgw_info["user"]["preferences"]; - @$phpgw->preferences->account_id = $phpgw_info["user"]["account_id"]; return True; } } @@ -119,11 +119,13 @@ $phpgw_info["user"]["sessionid"] = md5($phpgw->common->randomstring(10)); $phpgw_info["user"]["kp3"] = md5($phpgw->common->randomstring(15)); - $phpgw->common->key = $phpgw_info["user"]["kp3"]; + $phpgw->common->key = $phpgw_info["server"]["encryptkey"]; + $phpgw->common->key .= $phpgw_info["user"]["sessionid"]; + $phpgw->common->key .= $phpgw_info["user"]["kp3"]; $phpgw->common->iv = $phpgw_info["server"]["mcrypt_iv"]; $phpgw->crypto = new crypto($phpgw->common->key,$phpgw->common->iv); - //$phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd); + $phpgw_info["user"]["passwd"] = $phpgw->common->encrypt($passwd); if ($phpgw_info["server"]["usecookies"]) { Setcookie("sessionid",$phpgw_info["user"]["sessionid"]);