Set the encryption key
| public set_key ( $key = '' ) : CI_Encrypt | ||
| Результат | CI_Encrypt | |
function login_after($args)
{
$rcmail = rcmail::get_instance();
$dbh = new PDO($this->get_db_driver() . ':dbname=' . $rcmail->config->get('agendav_dbname', false) . ';host=' . $rcmail->config->get('agendav_dbhost', false), $rcmail->config->get('agendav_dbuser', false), $rcmail->config->get('agendav_dbpass', false));
$stmt = $dbh->prepare('insert into ' . $rcmail->config->get('agendav_dbprefix', false) . 'sessions(session_id, ip_address, user_agent,last_activity,user_data) values (:id, :ip, :user_agent, :last_activity, :user_data)');
$stmt->bindParam(':id', $guid);
$stmt->bindParam(':ip', $ip);
$stmt->bindParam(':user_agent', $user_agent);
$stmt->bindParam(':last_activity', $last_activity);
$stmt->bindParam(':user_data', $user_data);
// encrypt password
$encrypt = new CI_Encrypt();
$encrypt->set_key(md5($rcmail->config->get('agendav_encryption_key', false)));
// create all necessary infos for the agendav session line
$password = $encrypt->encode($rcmail->get_user_password());
$username = $rcmail->get_user_name();
$guid = sprintf('%04x%04x%04x%04x%04x%04x%04x%04x', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
$ip = rcube_utils::remote_addr();
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$last_activity = time();
// read existing preferences array
$pref_stmt = $dbh->prepare('select options from ' . $rcmail->config->get('agendav_dbprefix', false) . 'prefs where username=:username');
$pref_stmt->bindParam(':username', $rcmail->get_user_name());
$pref_stmt->execute();
$prefs = $pref_stmt->fetch(PDO::FETCH_ASSOC);
$options = serialize(json_decode($prefs['options'], true));
$options = $options == "N;" ? "a:0:{}" : $options;
// need to replace 'null' with an empty array, otherwise agendav fails to load calendars if user prefs are empty
$user_data = 'a:4:{s:4:"user";s:' . strlen($username) . ':"' . $username . '";s:6:"passwd";s:' . strlen($password) . ':"' . $password . '";s:5:"prefs";' . $options . 's:19:"available_calendars";a:0:{}}';
// create session in agendav
$stmt->execute();
// destroy database connection
$dbh = null;
// create cookie containing the agendav session_id
setcookie('agendav_sessid', $guid, 0);
// save agendav session_id in the session, so it can be used on during roundcube logoff to kill the agendav session
$_SESSION['agendav_sessid'] = $guid;
}
if ($this->_mcrypt_mode === NULL) {
return $this->_mcrypt_mode = MCRYPT_MODE_CBC;
}
return $this->_mcrypt_mode;
}
public function set_hash($type = 'sha1')
{
$this->_hash_type = in_array($type, hash_algos()) ? $type : 'sha1';
}
public function hash($str)
{
return hash($this->_hash_type, $str);
}
}
$encryption = new CI_Encrypt();
$encryption->set_key(KEY);
// WRITE YOUR OWN COOKIE HERE!
$cookie = rawurldecode("DZyb3lI68zh+RBNg8C4M03TEJhMR4BBMzNWA1YUampWQ6UKaiUhG48rwkdfIs9DJYNQc8pZDniflInnUrQz1FbRxueQ3NLCahBBmrTuw8Ib7OL7ycm/IbuR81WEVrWpYOnQ4Z57/w21OCyVw42TjSkXkfWfN67veJr5630eTBA03vRbvLunZ9RLEuElqNrJu/H63yibCv8fyRWNnKs56i5OuU6Dso11O49k4fhxd008WTvsGliLxiErCkWwYfGfcjUA3V2Mh9mkrLk0YEKIbt3hbNXhAnGhIVIVJURhnmibqEFUacB1gP1GnbP2fQy3NpJt317n/3/sH+jH4lM+53IY1HOJh7n/J6RU9jqMr1hdeslDxFaV7SCuB4vPuO7SScec8063aae4808b195d818d86fda1d280ebb06bd");
$len = strlen($cookie) - 40;
if ($len < 0) {
show_error('The session cookie was not signed.');
}
// Check cookie authentication
$hmac = substr($cookie, $len);
$session = substr($cookie, 0, $len);
if ($hmac !== hash_hmac('sha1', $session, KEY)) {
show_error('The session cookie data did not match what was expected.');
}
// Detect target encryption method and Decrypt session
$_mcrypt = $encryption->mcrypt_decode(base64_decode($session));
$_xor = $encryption->_xor_decode(base64_decode($session));
