/*------begin------ This protection code was suggested by Luki R. luki@karet.org ---- */
if (eregi("inc_init_crypt.php", $PHP_SELF)) {
die('<meta http-equiv="refresh" content="0; url=../">');
}
/*------end------*/
/**
* This initializes the hcemd5 crypt function
*/
function makeRand()
{
srand((double) microtime() * 32767);
$rand = rand(1, 32767);
return pack('i*', $rand);
}
include_once $root_path . 'classes/pear/crypt/hcemd5.php';
include_once $root_path . 'include/inc_init_main.php';
// This loads the chaining keys
/**
* The INIT_DECODE must be defined at the calling script before including this script
* INIT_DECODE=1 // will not start creation of random key and create decoder object
* INIT_DECODE= undefined or not 1 // will start creation of random key and create encoder object
*/
if (defined('INIT_DECODE') && INIT_DECODE == 1) {
$dec_hcemd5 = new Crypt_HCEMD5($key, '');
} else {
$enc_hcemd5 = new Crypt_HCEMD5($key, makeRand());
}
?>
}
if ($mode != '') {
if ($mode == 'access' && $password != '' && $username != '' && $dept != '') {
$sql = "SELECT * FROM {$dbtable} WHERE email='{$username}@{$dept}'";
if ($ergebnis = $db->Execute($sql)) {
if ($ergebnis->RecordCount()) {
$content = $ergebnis->FetchRow();
if (md5($password) == $content['pw']) {
/**
* Init crypt to use 2nd level key and encrypt the sid.
* Store to cookie the "$ck_2level_sid.$sid"
* There is no need to call another include of the inc_init_crypt.php since it is already included at the start
* of the script that called this script.
*/
//include("../include/inc_init_crypt.php"); // initialize crypt
$enc_2level = new Crypt_HCEMD5($key_2level, makeRand());
$ciphersid = $enc_2level->encodeMimeSelfRand($sid);
setcookie(ck_2level_sid . $sid, $ciphersid);
setcookie('ck_intra_email_user' . $sid, $content[email]);
header("location:{$forwardfile}");
exit;
} else {
$onError = $LDErrorLogin;
}
} else {
// if last check data not available
$newuser = 1;
}
} else {
echo "{$LDDbNoRead}<br>{$sql}";
}
