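/**
 * Handles the retrieval of the login data from the rememberMe cookie.
 *
 * The cookie value is read as three parts: 32 characters of store id,
 * 32 characters of password id, then the user handle. The store id names
 * a "<store_id>.lu" file in the configured savedir. Its decrypted content
 * must unserialize to a two-element array whose first element equals the
 * password id from the cookie; the second element is returned as the
 * password.
 *
 * The remember cookie is deleted on every failure after the initial
 * "no cookie configured / no cookie sent" check.
 *
 * @return array|bool array with the keys 'handle' and 'passwd' on success,
 *                    false on failure
 *
 * @access public
 */
function readRememberCookie()
{
    if (!array_key_exists('cookie', $this->_options)
        || !array_key_exists($this->_options['cookie']['name'], $_COOKIE)
    ) {
        return false;
    }

    $cookieData = $_COOKIE[$this->_options['cookie']['name']];

    // The cookie is client-controlled and its first 32 characters become
    // part of a file name below. A value that fails validation must stop
    // here; deleting the cookie alone would let the unvalidated store id
    // reach fopen().
    if (!is_string($cookieData)
        || strlen($cookieData) < 65
        || preg_match('/[^a-z0-9]/i', substr($cookieData, 0, 64))
    ) {
        $this->deleteRememberCookie();
        return false;
    }

    $store_id  = substr($cookieData, 0, 32);
    $passwd_id = substr($cookieData, 32, 32);
    $handle    = substr($cookieData, 64);

    $dir = $this->_options['cookie']['savedir'];

    // $store_id is known to be 32 alphanumeric characters at this point,
    // so the path cannot leave $dir.
    $fh = @fopen($dir . '/' . $store_id . '.lu', 'rb');
    if (!$fh) {
        $this->deleteRememberCookie();
        $this->stack->push(LIVEUSER_ERROR_CONFIG, 'exception', array(),
            'Cannot open file for reading');
        return false;
    }

    $fields = fread($fh, 4096);
    fclose($fh);
    if (!$fields) {
        $this->deleteRememberCookie();
        $this->stack->push(LIVEUSER_ERROR_CONFIG, 'exception', array(),
            'Cannot read file');
        return false;
    }

    // NOTE(review): unserialize() can instantiate objects. The input is only
    // as trustworthy as the savedir contents and the cookie secret; a format
    // that cannot carry objects would be safer if the storage format is ever
    // changed.
    $serverData = @unserialize(LiveUser::cryptRC4($fields, $this->_options['cookie']['secret'], false));

    if (!is_array($serverData)
        || count($serverData) != 2
        || !array_key_exists(0, $serverData)
        || !array_key_exists(1, $serverData)
    ) {
        $this->deleteRememberCookie();
        $this->stack->push(LIVEUSER_ERROR_COOKIE, 'exception', array(),
            'Incorrect array structure');
        return false;
    }

    // Strict comparison: with "!=" two numeric-looking strings (for example
    // "0e1..." and "0e2...") compare as equal numbers, which would accept a
    // password id that does not match the stored one.
    if (!is_string($serverData[0]) || $serverData[0] !== $passwd_id) {
        // Delete cookie if it's not valid, keeping it messes up the
        // authentication process
        $this->deleteRememberCookie();
        $this->stack->push(LIVEUSER_ERROR_COOKIE, 'error', array(),
            'Passwords hashes do not match in cookie in LiveUser::readRememberMeCookie()');
        return false;
    }

    return array('handle' => $handle, 'passwd' => $serverData[1]);
}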
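/**
 * Encrypts a password for storage in a backend container.
 * Uses the algorithm defined in the passwordEncryptionMode
 * property; the mode name is matched case-insensitively against
 * PLAIN, MD5, RC4 and SHA1.
 *
 * None of these modes is a salted, slow password hash: PLAIN stores the
 * password as given, RC4 is reversible with the container's secret, and
 * MD5 / SHA1 are plain unsalted digests. Prefer a dedicated password
 * hashing function for new deployments.
 *
 * @param  string $plainPW the plain-text password
 * @return string|bool The encrypted password, or false if the configured
 *                     mode is not supported
 *
 * @access public
 */
function encryptPW($plainPW)
{
    switch (strtoupper($this->passwordEncryptionMode)) {
    case 'PLAIN':
        return $plainPW;
    case 'MD5':
        return md5($plainPW);
    case 'RC4':
        return LiveUser::cryptRC4($plainPW, $this->secret, true);
    case 'SHA1':
        if (!function_exists('sha1')) {
            $this->_stack->push(LIVEUSER_ERROR_NOT_SUPPORTED, 'exception', array(),
                'SHA1 function doesn\'t exist. Upgrade your PHP version');
            return false;
        }
        return sha1($plainPW);
    }

    // Fail closed on an unknown mode. Returning a fixed message string here
    // would give every password the same "encrypted" value, so any code
    // that compares two results of this method would treat all passwords
    // as equal.
    $this->_stack->push(LIVEUSER_ERROR_NOT_SUPPORTED, 'exception', array(),
        'Encryption type not supported.');
    return false;
}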