Encodes the message string using bitwise XOR encoding.
The key is combined with a random hash, and then it
too gets converted using XOR. The whole thing is then run
through mcrypt using the randomized key. The end result
is a double-encrypted message string that is randomized
with each call to this function, even if the supplied
message and key are the same.
/**
 * Encodes a string via the parent implementation and optionally makes the
 * result safe to embed in a URL.
 *
 * When $url_safe is true, the characters '+', '=' and '/' in the parent's
 * output are replaced by '.', '_' and '~' respectively. The substitution is
 * a plain character mapping and adds no confidentiality or integrity on top
 * of what parent::encode() provides.
 *
 * @param string $string   Message to encode.
 * @param string $key      Key handed through to parent::encode() unchanged.
 * @param bool   $url_safe Whether to apply the URL-safe character mapping.
 *
 * @return string Encoded message, URL-safe if requested.
 */
function encode($string, $key = "", $url_safe = TRUE)
{
    $encoded = parent::encode($string, $key);

    if (!$url_safe) {
        return $encoded;
    }

    // Presumably the parent emits base64; these are the three base64
    // characters that would otherwise need percent-encoding in a URL.
    $url_safe_map = array('+' => '.', '=' => '_', '/' => '~');

    return strtr($encoded, $url_safe_map);
}
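/**
 * Creates an AgenDAV session row for the user who has just logged in to
 * Roundcube and sets the matching `agendav_sessid` cookie.
 *
 * Presumably registered as Roundcube's `login_after` hook; $args is not used.
 *
 * Security-relevant points:
 *  - The session id is a bearer token for a row that holds the user's
 *    (encrypted) mail password, so it is drawn from a CSPRNG. mt_rand() is
 *    predictable and must not be used for it.
 *  - The password is encrypted with CI_Encrypt under md5(agendav_encryption_key).
 *    NOTE(review): this derivation presumably has to match what AgenDAV uses to
 *    decode the value, so it is kept as is; anyone with read access to the
 *    sessions table and the configured key can recover mail passwords.
 *  - The table prefix is concatenated into the SQL text. It comes from the
 *    Roundcube configuration, not from the request; all request- and
 *    user-derived values are bound as parameters.
 *
 * @param array $args Hook arguments (unused).
 *
 * @return void
 *
 * @throws PDOException If the database connection cannot be established.
 */
function login_after($args)
{
    $rcmail = rcmail::get_instance();
    $prefix = $rcmail->config->get('agendav_dbprefix', false);

    // 16 bytes from the OS CSPRNG, shaped like the original id: 32 lowercase hex
    // characters with the UUIDv4 version nibble (4) and variant bits (10) set.
    $entropy = false;
    if (function_exists('random_bytes')) {
        $entropy = random_bytes(16);
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $candidate = openssl_random_pseudo_bytes(16, $is_strong);
        if ($is_strong) {
            $entropy = $candidate;
        }
    }
    if (!is_string($entropy) || strlen($entropy) !== 16) {
        // Fail closed: a guessable session id would expose the stored password.
        error_log('agendav: no cryptographically secure random source available, session not created');
        return;
    }
    $entropy[6] = chr((ord($entropy[6]) & 0x0f) | 0x40);
    $entropy[8] = chr((ord($entropy[8]) & 0x3f) | 0x80);
    $guid = bin2hex($entropy);

    // encrypt password
    $encrypt = new CI_Encrypt();
    $encrypt->set_key(md5($rcmail->config->get('agendav_encryption_key', false)));

    // create all necessary infos for the agendav session line
    $password = (string) $encrypt->encode($rcmail->get_user_password());
    $username = (string) $rcmail->get_user_name();
    $ip = rcube_utils::remote_addr();
    // Client-controlled header; may be absent. Only ever used as a bound parameter.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $last_activity = time();

    $dbh = new PDO(
        $this->get_db_driver()
            . ':dbname=' . $rcmail->config->get('agendav_dbname', false)
            . ';host=' . $rcmail->config->get('agendav_dbhost', false),
        $rcmail->config->get('agendav_dbuser', false),
        $rcmail->config->get('agendav_dbpass', false)
    );

    // read existing preferences array
    $pref_stmt = $dbh->prepare('select options from ' . $prefix . 'prefs where username=:username');
    // bindValue, not bindParam: bindParam takes its argument by reference and
    // must not be given a function result.
    $pref_stmt->bindValue(':username', $username);
    $pref_stmt->execute();
    $prefs_row = $pref_stmt->fetch(PDO::FETCH_ASSOC);

    $prefs = null;
    if (is_array($prefs_row) && isset($prefs_row['options'])) {
        $prefs = json_decode($prefs_row['options'], true);
    }
    if ($prefs === null) {
        // need to replace 'null' with an empty array, otherwise agendav fails
        // to load calendars if user prefs are empty
        $prefs = array();
    }

    // Let serialize() compute the string lengths instead of assembling the
    // serialized form by hand; the output layout is the same four-key array.
    $user_data = serialize(array(
        'user' => $username,
        'passwd' => $password,
        'prefs' => $prefs,
        'available_calendars' => array(),
    ));

    // create session in agendav
    $stmt = $dbh->prepare(
        'insert into ' . $prefix . 'sessions(session_id, ip_address, user_agent,last_activity,user_data)'
        . ' values (:id, :ip, :user_agent, :last_activity, :user_data)'
    );
    $stmt->bindValue(':id', $guid);
    $stmt->bindValue(':ip', $ip);
    $stmt->bindValue(':user_agent', $user_agent);
    $stmt->bindValue(':last_activity', $last_activity);
    $stmt->bindValue(':user_data', $user_data);
    $stmt->execute();

    // destroy database connection (statements hold a reference to it as well)
    $pref_stmt = null;
    $stmt = null;
    $dbh = null;

    // create cookie containing the agendav session_id
    // NOTE(review): the cookie is set without the Secure and HttpOnly flags and
    // with the default path. Confirm how AgenDAV reads it, then restrict it.
    setcookie('agendav_sessid', $guid, 0);

    // save agendav session_id in the session, so it can be used during
    // roundcube logoff to kill the agendav session
    $_SESSION['agendav_sessid'] = $guid;
}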