authorAndreas Gohr <andi@splitbrain.org>2009-10-04 15:54:09 +0200
committerAndreas Gohr <andi@splitbrain.org>2009-10-04 15:54:09 +0200
commit645c0a36b9beccc8b53de1decdef4082806f8093 (patch)
tree15731ffa1d69005c02ec7219e95bc60d980a38b2 /inc/auth.php
parentab44a793ad1fdd5f5f96bcf0f2d80cf2385ae05c (diff)
encode parts in cookie seperatly. might fix FS#1437
Ignore-this: c9b92b33e2a3a3418fd0730bf4971b7e darcs-hash:20091004135409-7ad00-51c902a832fef7486a9afca9e9481b172a6894e1.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r--inc/auth.php46
1 files changed, 29 insertions, 17 deletions
diff --git a/inc/auth.php b/inc/auth.php
index d0f813aa6..9be5c19b4 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -165,8 +165,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
}
}else{
// read cookie information
- $cookie = base64_decode($_COOKIE[DOKU_COOKIE]);
- list($user,$sticky,$pass) = explode('|',$cookie,3);
+ list($user,$sticky,$pass) = auth_getCookie();
// get session info
$session = $_SESSION[DOKU_COOKIE]['auth'];
if($user && $pass){
@@ -1005,22 +1004,35 @@ function auth_setCookie($user,$pass,$sticky) {
global $auth;
global $USERINFO;
- $USERINFO = $auth->getUserData($user);
+ $USERINFO = $auth->getUserData($user);
- // set cookie
- $cookie = base64_encode("$user|$sticky|$pass");
- if($sticky) $time = time()+60*60*24*365; //one year
- if (version_compare(PHP_VERSION, '5.2.0', '>')) {
- setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
- }else{
- setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
- }
- // set session
- $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
- $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
- $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
- $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
- $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
+ // set cookie
+ $cookie = base64_encode($user).'|'.((int) $sticky).'|'.base64_encode($pass);
+ if($sticky) $time = time()+60*60*24*365; //one year
+ if (version_compare(PHP_VERSION, '5.2.0', '>')) {
+ setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()),true);
+ }else{
+ setcookie(DOKU_COOKIE,$cookie,$time,DOKU_REL,'',($conf['securecookie'] && is_ssl()));
+ }
+ // set session
+ $_SESSION[DOKU_COOKIE]['auth']['user'] = $user;
+ $_SESSION[DOKU_COOKIE]['auth']['pass'] = $pass;
+ $_SESSION[DOKU_COOKIE]['auth']['buid'] = auth_browseruid();
+ $_SESSION[DOKU_COOKIE]['auth']['info'] = $USERINFO;
+ $_SESSION[DOKU_COOKIE]['auth']['time'] = time();
+}
+
+/**
+ * Returns the user, (encrypted) password and sticky bit from cookie
+ *
+ * @returns array
+ */
+function auth_getCookie(){
+ list($user,$sticky,$pass) = explode('|',$_COOKIE[DOKU_COOKIE],3);
+ $sticky = (bool) $sticky;
+ $pass = base64_decode($pass);
+ $user = base64_decode($user);
+ return array($user,$sticky,$pass);
}
//Setup VIM: ex: et ts=2 enc=utf-8 :
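Review bot: auth_getCookie() trusts the shape of a client-supplied cookie: it indexes `$_COOKIE[DOKU_COOKIE]` without an isset() check and passes the explode() result straight to list(), so a missing cookie or one with fewer than two `|` separators (including any cookie still in the old single-base64 format) raises undefined index/offset notices before the caller's `if($user && $pass)` rejects it. Guarding the read, e.g. `if(!isset($_COOKIE[DOKU_COOKIE])) return array(null,false,null);` followed by `list($user,$sticky,$pass) = array_pad(explode('|',$_COOKIE[DOKU_COOKIE],3),3,'');`, keeps the function quiet on malformed input. The docblock tag should be `@return array` rather than `@returns`, and it could state that the returned values are unverified client input. Separately, in auth_setCookie `$time` is assigned only when `$sticky` is true, so the non-sticky path appears to pass an undefined variable to setcookie(); the start of that function is outside the hunk, so an earlier initialisation may exist.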