/**
 * Produce a password hash in the legacy "md5(salt . plain):salt" format.
 *
 * The salt is the first two hex characters of an MD5 digest taken over ten
 * concatenated xos_rand() values, so it can take only 256 distinct values.
 *
 * NOTE(review): salted MD5 is a fast, unstretched digest and a two-character
 * salt gives very little separation between accounts. This format should only
 * be produced where compatibility with existing stored hashes requires it;
 * password_hash() / password_verify() are the standard replacement, with
 * stored values re-hashed after a successful login.
 *
 * @param string $plain Plain-text password.
 * @return string Hash and salt joined by a colon: 32 hex chars, ':', 2 hex chars.
 */
function xos_encrypt_old_password($plain)
{
    // Collect ten values from the project's random helper as salt material.
    $seed = '';
    $round = 0;
    while ($round < 10) {
        $seed .= xos_rand();
        $round++;
    }

    // Only the first two hex characters of the digest become the salt.
    $salt = substr(md5($seed), 0, 2);

    return md5($salt . $plain) . ':' . $salt;
}
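/**
 * Build a random name made of a leading dot followed by lowercase ASCII letters.
 *
 * The number of letters comes from xos_rand(16, 20); presumably both bounds
 * are inclusive, as with mt_rand() - confirm against xos_rand().
 *
 * Letter offsets are drawn from 0..25. Drawing from 1..26 never selects 'a'
 * and, when 26 comes up, reads past the end of the 26-character alphabet,
 * which raises an "Uninitialized string offset" diagnostic and silently
 * yields a shorter name than requested.
 *
 * NOTE(review): if this name is relied on to keep a path hard to guess, its
 * unpredictability is only as good as xos_rand(), which is not visible here.
 *
 * @return string A name such as ".qhzmwbtrkeyalfjs".
 */
function xos_random_name()
{
    $letters = 'abcdefghijklmnopqrstuvwxyz';
    $last_index = strlen($letters) - 1;

    $dirname = '.';
    // floor() returns a float; cast so the loop bound and string offset are integers.
    $length = (int) floor(xos_rand(16, 20));

    for ($i = 1; $i <= $length; $i++) {
        $q = (int) floor(xos_rand(0, $last_index));
        $dirname .= $letters[$q];
    }

    return $dirname;
}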
/**
 * Generate a random string of the requested length by rejection sampling.
 *
 * Candidates are drawn one at a time and kept only when they match the
 * character class selected by $type:
 *   - 'mixed'  : ASCII letters (either case) and digits
 *   - 'chars'  : ASCII letters (either case)
 *   - 'digits' : 0-9, drawn directly with xos_rand(0, 9)
 * For 'mixed' and 'chars' a byte value from xos_rand(0, 255) is converted
 * with chr() and discarded unless it falls in the class.
 *
 * NOTE(review): every character originates from xos_rand(), which is not
 * visible here. If the result is used as a token, password or other secret,
 * confirm that xos_rand() is backed by a CSPRNG such as random_int().
 *
 * @param int    $length Number of characters to produce.
 * @param string $type   One of 'mixed', 'chars' or 'digits'.
 * @return string|false The random string, or false for an unsupported $type.
 */
function xos_create_random_value($length, $type = 'mixed')
{
    // Loose membership test, matching the original != comparisons.
    if (!in_array($type, array('mixed', 'chars', 'digits'))) {
        return false;
    }

    // $type never changes inside the loop, so pick the filter once.
    if ($type == 'mixed') {
        $accept = '/^[a-z0-9]$/i';
    } elseif ($type == 'chars') {
        $accept = '/^[a-z]$/i';
    } else {
        $accept = '/^[0-9]$/';
    }

    $draw_digit = ($type == 'digits');
    $rand_value = '';

    while (strlen($rand_value) < $length) {
        $candidate = $draw_digit ? xos_rand(0, 9) : chr(xos_rand(0, 255));

        // Keep the candidate only when it belongs to the requested class.
        if (preg_match($accept, $candidate)) {
            $rand_value .= $candidate;
        }
    }

    return $rand_value;
}
} else { if (!isset($_COOKIE[session_name()]) && isset($_GET[session_name()]) || isset($_COOKIE[session_name()]) && isset($_GET[session_name()]) && $request_type == 'SSL' && ENABLE_SSL == 'true' && $_COOKIE[session_name()] != $_GET[session_name()] && HTTP_COOKIE_DOMAIN != HTTPS_COOKIE_DOMAIN) { setcookie(session_name(), $_GET[session_name()], 0, $cookie_path, $cookie_domain); } xos_session_start(); $session_started = true; } // Define the SESSID define('SESSID', empty($_COOKIE[session_name()]) ? xos_session_name() . '=' . xos_session_id() : ''); // if ($session_started && !preg_match('/^(?:(?:[a-zA-Z0-9,-]{26})|(?:[a-zA-Z0-9,-]{32}))$/i', session_id())) session_regenerate_id(true); if ($session_started && !preg_match('/^[a-zA-Z0-9,-]{22,40}$/i', session_id())) { session_regenerate_id(true); } // initialize a session token if (!isset($_SESSION['sessiontoken'])) { $_SESSION['sessiontoken'] = md5(xos_rand() . xos_rand() . xos_rand() . xos_rand()); } // verify the ssl_session_id if the feature is enabled if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'true' && ENABLE_SSL == 'true' && $session_started == true) { $ssl_session_id = getenv('SSL_SESSION_ID'); if (!isset($_SESSION['SESSION_SSL_ID'])) { $_SESSION['SESSION_SSL_ID'] = $ssl_session_id; } if ($_SESSION['SESSION_SSL_ID'] != $ssl_session_id) { setcookie(session_name(), '', time() - 42000, $cookie_path, $cookie_domain); session_destroy(); xos_redirect(xos_href_link(FILENAME_SSL_CHECK, '', 'NONSSL', false)); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'true' && $session_started == true) {