Ejemplo n.º 1
0
 /**
  * Handles the retrieval of the login data from the rememberMe cookie.
  *
  * @return bool true on success or false on failure
  *
  * @access public
  */
 function readRememberCookie()
 {
     if (!array_key_exists('cookie', $this->_options) || !array_key_exists($this->_options['cookie']['name'], $_COOKIE)) {
         return false;
     }
     if (strlen($_COOKIE[$this->_options['cookie']['name']]) < 65 || preg_match('/[^a-z0-9]/i', substr($_COOKIE[$this->_options['cookie']['name']], 0, 64))) {
         $this->deleteRememberCookie();
     }
     $cookieData = $_COOKIE[$this->_options['cookie']['name']];
     $store_id = substr($cookieData, 0, 32);
     $passwd_id = substr($cookieData, 32, 32);
     $handle = substr($cookieData, 64);
     $dir = $this->_options['cookie']['savedir'];
     $fh = @fopen($dir . '/' . $store_id . '.lu', 'rb');
     if (!$fh) {
         $this->deleteRememberCookie();
         $this->stack->push(LIVEUSER_ERROR_CONFIG, 'exception', array(), 'Cannot open file for reading');
         return false;
     }
     $fields = fread($fh, 4096);
     fclose($fh);
     if (!$fields) {
         $this->deleteRememberCookie();
         $this->stack->push(LIVEUSER_ERROR_CONFIG, 'exception', array(), 'Cannot read file');
         return false;
     }
     $serverData = @unserialize(LiveUser::cryptRC4($fields, $this->_options['cookie']['secret'], false));
     if (!is_array($serverData) || count($serverData) != 2) {
         $this->deleteRememberCookie();
         $this->stack->push(LIVEUSER_ERROR_COOKIE, 'exception', array(), 'Incorrect array structure');
         return false;
     }
     if ($serverData[0] != $passwd_id) {
         // Delete cookie if it's not valid, keeping it messes up the
         // authentication process
         $this->deleteRememberCookie();
         $this->stack->push(LIVEUSER_ERROR_COOKIE, 'error', array(), 'Passwords hashes do not match in cookie in LiveUser::readRememberMeCookie()');
         return false;
     }
     return array('handle' => $handle, 'passwd' => $serverData[1]);
 }
Ejemplo n.º 2
0
 /**
  * Encrypts a password for storage in a backend container.
  * Uses the algorithm defined in the passwordEncryptionMode
  * property.
  *
  * @param string  encryption type
  * @return string The encrypted password
  *
  * @access public
  */
 function encryptPW($plainPW)
 {
     $encryptedPW = 'Encryption type not supported.';
     switch (strtoupper($this->passwordEncryptionMode)) {
         case 'PLAIN':
             $encryptedPW = $plainPW;
             break;
         case 'MD5':
             $encryptedPW = md5($plainPW);
             break;
         case 'RC4':
             $encryptedPW = LiveUser::cryptRC4($plainPW, $this->secret, true);
             break;
         case 'SHA1':
             if (!function_exists('sha1')) {
                 $this->_stack->push(LIVEUSER_ERROR_NOT_SUPPORTED, 'exception', array(), 'SHA1 function doesn\'t exist. Upgrade your PHP version');
                 return false;
             }
             $encryptedPW = sha1($plainPW);
             break;
     }
     return $encryptedPW;
 }