예제 #1
 /**
  * Sends a cookie by delegating to rcube_utils::setcookie().
  *
  * The cookie's path, domain and Secure/HttpOnly attributes are not chosen
  * here; whatever rcube_utils::setcookie() applies is what the browser gets
  * (that helper is not shown in this listing).
  *
  * @param string $name  Cookie name
  * @param string $value Cookie value
  * @param int    $exp   Expiration value handed through unchanged (default 0)
  *
  * @return void
  */
 public static function setcookie($name, $value, $exp = 0)
 {
     // Pure pass-through: all three arguments are forwarded as received.
     rcube_utils::setcookie(
         $name,
         $value,
         $exp
     );
 }
예제 #2
 /**
  * Issue a fresh session authentication cookie.
  *
  * The value comes from $this->_mkcookie() seeded with $this->now. It is
  * stored on the object, sent to the client with an expiration argument of 0,
  * and mirrored into $_COOKIE so code running later in this same request
  * sees the new value rather than the one the browser sent.
  *
  * @return void
  */
 public function set_auth_cookie()
 {
     $fresh = $this->_mkcookie($this->now);

     $this->cookie = $fresh;
     rcube_utils::setcookie($this->cookiename, $fresh, 0);

     // Keep the superglobal in step with what was just sent.
     $_COOKIE[$this->cookiename] = $fresh;
 }
 /**
  * Removes a cookie by re-sending it empty with an expiry 60 seconds in the past.
  *
  * Nothing is attempted once the response headers have gone out, because the
  * Set-Cookie header could no longer reach the client.
  *
  * @param string $name the name of the cookie.
  * @return bool false if headers were already sent, true otherwise
  */
 function remove_cookie($name)
 {
     if (headers_sent()) {
         return false;
     }

     // Use rcube_utils when that class is available, otherwise go through
     // the rcmail instance.
     if (!class_exists('rcube_utils')) {
         rcmail::get_instance()->setcookie($name, "", time() - 60);
         return true;
     }

     rcube_utils::setcookie($name, "", time() - 60);
     return true;
 }
 /**
  * Removes a cookie by re-sending it empty with an expiry 60 seconds in the past.
  *
  * @param string $name the name of the cookie.
  * @return bool false if headers were already sent (the cookie cannot be
  *              cleared any more), true once the expired cookie was queued
  */
 function remove_cookie($name)
 {
     $can_send = !headers_sent();

     if ($can_send) {
         // An empty value plus a past timestamp asks the browser to drop it.
         $past = time() - 60;
         rcube_utils::setcookie($name, "", $past);
     }

     return $can_send;
 }
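 /**
  * Issues ($set = TRUE) or verifies ($set = FALSE) an encrypted, HMAC-signed
  * cookie bound to the current user.
  *
  * The cookie name, AES key and IV are all derived with HMAC from the
  * username, the value of __getSecret() and the 'des_key' config entry.
  * The plaintext is "<expires>:<nonce>:<raw HMAC-SHA512>", where the HMAC
  * covers username, secret, user-agent digest, nonce and expiry.
  *
  * Changes against the previous version, none of which alter the cookie
  * format (cookies issued earlier still verify):
  *  - the nonce comes from random_int() instead of mt_rand();
  *  - the cookie-value pattern is anchored, so the whole value must match;
  *  - the decrypted payload is checked for three fields and numeric
  *    expiry/nonce before any arithmetic is done on it;
  *  - the signature is compared with hash_equals().
  * random_int() and hash_equals() require PHP 7.0 or later.
  *
  * @param bool $set TRUE to issue the cookie, FALSE to verify the one received
  *
  * @return bool When setting: TRUE if the cookie was encrypted and queued.
  *              When verifying: TRUE only if the cookie decrypts, is within
  *              its 30-day lifetime and carries a matching signature.
  */
 private function __cookie($set = TRUE)
 {
     $rcmail   = rcmail::get_instance();
     $des_key  = $rcmail->config->get('des_key');
     $username = $rcmail->user->data['username'];
     $secret   = $this->__getSecret();
     $lifetime = 2592000; // 30 days, in seconds

     // NOTE(review): PHP exposes the User-Agent request header as
     // 'HTTP_USER_AGENT'. With 'USER_AGENT' this lookup most likely yields
     // null, so the digest is the HMAC of "" and the cookie is not actually
     // tied to the browser. Left unchanged because correcting the key
     // invalidates every cookie already issued - confirm and schedule.
     $user_agent = hash_hmac('md5', filter_input(INPUT_SERVER, 'USER_AGENT') ?: "", $des_key);

     // NOTE(review): key and IV are deterministic per user/secret, so every
     // cookie for one user is encrypted under the same CBC IV. A random
     // per-cookie IV stored next to the ciphertext would be the usual
     // construction; that is a format change and is not made here.
     $key  = hash_hmac('sha256', implode("", array($username, $secret)), $des_key, TRUE);
     $iv   = hash_hmac('md5', implode("", array($username, $secret)), $des_key, TRUE);
     $name = hash_hmac('md5', $username, $des_key);

     if ($set) {
         $expires = time() + $lifetime;
         // CSPRNG-backed nonce, kept in mt_rand()'s range so the "%d" field
         // below and previously issued cookies stay compatible.
         $rand = random_int(0, mt_getrandmax());
         $signature = hash_hmac('sha512', implode("", array($username, $secret, $user_agent, $rand, $expires)), $des_key, TRUE);
         $plain_content = sprintf("%d:%d:%s", $expires, $rand, $signature);
         $encrypted_content = openssl_encrypt($plain_content, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
         if ($encrypted_content === false) {
             return false;
         }
         // URL-safe base64 with ',' standing in for the '=' padding.
         $b64_encrypted_content = strtr(base64_encode($encrypted_content), '+/=', '-_,');
         rcube_utils::setcookie($name, $b64_encrypted_content, $expires);
         return TRUE;
     }

     // Anchored on both ends: without \A and \z the pattern accepted any
     // value that merely contained one permitted character.
     $b64_encrypted_content = filter_input(INPUT_COOKIE, $name, FILTER_VALIDATE_REGEXP, array('options' => array('regexp' => '/\A[a-zA-Z0-9_-]+,{0,2}\z/')));
     if (!is_string($b64_encrypted_content) || $b64_encrypted_content === '' || strlen($b64_encrypted_content) % 4 !== 0) {
         return false;
     }

     $encrypted_content = base64_decode(strtr($b64_encrypted_content, '-_,', '+/='), TRUE);
     if ($encrypted_content === false) {
         return false;
     }

     $plain_content = openssl_decrypt($encrypted_content, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
     if ($plain_content === false) {
         return false;
     }

     // Limit of 3 because the raw signature bytes may themselves contain ':'.
     $fields = explode(':', $plain_content, 3);
     if (count($fields) !== 3 || !ctype_digit($fields[0]) || !ctype_digit($fields[1])) {
         // Malformed payload: refuse before doing arithmetic on it.
         return false;
     }
     list($expires, $rand, $signature) = $fields;

     // Must not be expired and must not claim more than the 30-day lifetime.
     $remaining = (int) $expires - time();
     if ($remaining <= 0 || $remaining > $lifetime) {
         return false;
     }

     // The decimal strings from the payload go into the HMAC as they are,
     // matching what implode() produced from the integers at issue time.
     $signature_verification = hash_hmac('sha512', implode("", array($username, $secret, $user_agent, $rand, $expires)), $des_key, TRUE);

     // Timing-safe comparison; also fails when the lengths differ.
     return hash_equals($signature_verification, $signature);
 }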