/**
 * $Horde: horde/login.php,v 2.154 2004/02/11 22:17:05 chuck Exp $
 *
 * Copyright 1999-2004 Charles J. Hagenbuch <*****@*****.**>
 * Copyright 1999-2004 Jon Parise <*****@*****.**>
 *
 * See the enclosed file COPYING for license information (LGPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
 */

/* Login page bootstrap: defines the handler constants, loads the Horde
 * base libraries, obtains the configured Auth driver and, when a logout
 * reason is set, starts building the URL of the login screen to send the
 * browser to. */

/* The @ silences the notice PHP raises if the constant already exists. */
@define('AUTH_HANDLER', true);
@define('HORDE_BASE', dirname(__FILE__));
require_once HORDE_BASE . '/lib/base.php';
require_once HORDE_LIBS . 'Horde/Menu.php';
require_once HORDE_LIBS . 'Horde/Secret.php';

/* Initialize the Auth credentials key. */
Secret::setKey('auth');

/* Get an Auth object. $conf is not assigned in this file; presumably it
 * is populated by lib/base.php -- confirm. A PEAR_Error from the factory
 * is treated as fatal. */
$auth =& Auth::singleton($conf['auth']['driver']);
if (is_a($auth, 'PEAR_Error')) {
    Horde::fatal($auth, __FILE__, __LINE__);
}

/* Get parameters. */
$logout_reason = $auth->getLogoutReason();
/* NOTE(review): 'url' presumably comes straight from the request, so it
 * is untrusted input. Wherever it ends up as a redirect target it should
 * be restricted to destinations inside this installation -- the code that
 * consumes it is not visible in this excerpt, confirm there. */
$url_param = Util::getFormData('url');

if ($logout_reason) {
    /* NOTE(review): the leading underscore suggests _getLoginScreen() is
     * meant to be private to the Auth driver -- confirm that calling it
     * from here is intended. */
    $login_screen = $auth->_getLoginScreen();

    /* Compare the login screen with the current page, ignoring the 'url'
     * and 'nocache' parameters; the block below only runs when the two
     * differ. */
    if (Util::removeParameter($login_screen, array('url', 'nocache')) != Util::removeParameter(Horde::url(Horde::selfUrl(), true), array('url', 'nocache'))) {
        $url = Auth::addLogoutParameters($login_screen);
        if ($url_param) {
            /* NOTE(review): $url is rebuilt from $login_screen here, not
             * from the $url computed on the previous line, so the logout
             * parameters are not carried over when 'url' is present --
             * confirm this is intended. */
            $url = Util::addParameter($login_screen, 'url', $url_param);
        }
        /* The excerpt ends here; the two enclosing if-blocks are closed
         * outside the visible listing. */
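/**
 * Destroys any existing session on login and makes sure to use a new
 * session ID, to avoid session fixation issues. Should be called before
 * checking a login.
 *
 * On PHP >= 4.3.3 the ID is rotated with session_regenerate_id() and the
 * session data is cleared. On older PHP the session is destroyed, a fresh
 * ID is assigned by hand and the session is restarted through
 * Horde::setupSessionHandler(). If a session timeout is configured, the
 * Secret keys for the current application and for 'auth' are set again.
 *
 * Takes no arguments and returns nothing; it acts on the current PHP
 * session and on the Secret keys only.
 */
function getCleanSession()
{
    // Make sure to force a completely new session ID and clear all
    // session data.
    if (version_compare(PHP_VERSION, '4.3.3', '>=')) {
        // NOTE(review): the result of session_regenerate_id() is not
        // checked. If it fails (for example because no session is active)
        // the old ID stays in use and the fixation protection is silently
        // lost; callers that rely on it should confirm a session was
        // started before this point.
        session_regenerate_id(true);
        session_unset();
    } else {
        $old_error = error_reporting(0);
        session_destroy();
        error_reporting($old_error);

        // The replacement ID has to be unguessable, otherwise rotating it
        // does not help against fixation or hijacking. Prefer 16 bytes
        // from the kernel's random source; the time/PID and uniqid() based
        // values below are predictable and are kept only as a last resort
        // for hosts where /dev/urandom cannot be read.
        $random = '';
        $fp = @fopen('/dev/urandom', 'rb');
        if ($fp) {
            $random = (string)fread($fp, 16);
            fclose($fp);
        }

        if (strlen($random) == 16) {
            $new_session_id = bin2hex($random);
        } elseif (Util::extensionExists('posix')) {
            $new_session_id = md5(microtime() . posix_getpid());
        } else {
            $new_session_id = md5(uniqid(mt_rand(), true));
        }
        session_id($new_session_id);

        // Restart the session, including setting up the session handler.
        Horde::setupSessionHandler();
        error_reporting(0);
        session_start();
        error_reporting($old_error);
    }

    /* Reset cookie timeouts, if necessary. */
    if (!empty($GLOBALS['conf']['session']['timeout'])) {
        $app = $GLOBALS['registry']->getApp();
        // Re-create the application's key only if one existed to clear.
        if (Secret::clearKey($app)) {
            Secret::setKey($app);
        }
        Secret::setKey('auth');
    }
}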