/**
 * Static pass-through to rcube_utils::setcookie().
 *
 * Every cookie attribute other than name, value and expiry (path, domain,
 * Secure, HttpOnly, SameSite) is decided inside rcube_utils::setcookie(),
 * which is not visible here. Review that helper before relying on this
 * wrapper for session or authentication cookies.
 *
 * @param string $name  Cookie name
 * @param string $value Cookie value
 * @param int    $exp   Expiry value forwarded unchanged (default 0)
 */
public static function setcookie($name, $value, $exp = 0)
{
    rcube_utils::setcookie(
        $name,
        $value,
        $exp
    );
}
/**
 * Issue a fresh session authentication cookie.
 *
 * The token comes from $this->_mkcookie($this->now). It is stored on the
 * object, sent to the client with an expiry argument of 0, and mirrored into
 * $_COOKIE so the rest of the current request sees the new value.
 *
 * NOTE(review): Secure/HttpOnly/SameSite handling lives in
 * rcube_utils::setcookie(), which is not shown here. Confirm it there.
 */
public function set_auth_cookie()
{
    $token = $this->_mkcookie($this->now);
    $this->cookie = $token;

    // Send to the browser first, then keep the request-local view in sync.
    rcube_utils::setcookie($this->cookiename, $token, 0);
    $_COOKIE[$this->cookiename] = $token;
}
/**
 * Expire a cookie on the client.
 *
 * The cookie is overwritten with an empty value and an expiry 60 seconds in
 * the past. Nothing is sent once response headers have already gone out.
 *
 * NOTE(review): a browser only drops the cookie when path/domain match the
 * ones it was set with. Both are chosen by the setcookie helper, which is
 * not visible here.
 *
 * @param string $name the name of the cookie.
 * @return bool false when headers were already sent, true otherwise
 */
function remove_cookie($name)
{
    if (headers_sent()) {
        return false;
    }

    // Use the static helper when it is available, otherwise fall back to
    // the setcookie() method on the rcmail instance.
    $has_utils = class_exists('rcube_utils');
    $expired_at = time() - 60;

    if (!$has_utils) {
        rcmail::get_instance()->setcookie($name, "", $expired_at);
        return true;
    }

    rcube_utils::setcookie($name, "", $expired_at);
    return true;
}
/**
 * Expire a cookie on the client.
 *
 * The cookie is overwritten with an empty value and an expiry 60 seconds in
 * the past. Nothing is sent once response headers have already gone out.
 *
 * NOTE(review): a browser only drops the cookie when path/domain match the
 * ones it was set with. Both are chosen by rcube_utils::setcookie(), which
 * is not visible here.
 *
 * @param string $name the name of the cookie.
 * @return bool false when headers were already sent, true otherwise
 */
function remove_cookie($name)
{
    $can_send = !headers_sent();

    if ($can_send) {
        $expired_at = time() - 60;
        rcube_utils::setcookie($name, "", $expired_at);
    }

    return $can_send;
}
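/**
 * Issue or verify the encrypted, signed cookie tied to the current user.
 *
 * Cookie layout (before encryption): "<expires>:<rand>:<raw HMAC-SHA512>".
 * The HMAC covers username, the per-user secret, the user-agent digest, the
 * nonce and the expiry, keyed with the 'des_key' config value. The plaintext
 * is AES-256-CBC encrypted and sent base64-encoded with '+/=' mapped to
 * '-_,'.
 *
 * NOTE(review): the IV is derived from the same inputs as the key, so it is
 * identical for every cookie issued to a user. The ciphertext also carries
 * no MAC of its own, so integrity rests on the inner HMAC, which is checked
 * only after decryption. Consider a random per-cookie IV and
 * encrypt-then-MAC in a follow-up; changing that here would invalidate
 * cookies already issued.
 *
 * @param bool $set TRUE to issue a new cookie, FALSE to verify the one sent
 *                  by the client
 * @return bool In set mode: TRUE when the cookie was encrypted and handed to
 *              rcube_utils::setcookie(), false when encryption failed.
 *              In verify mode: TRUE only when the cookie decodes, decrypts,
 *              is inside its 30-day window and carries a matching signature.
 */
private function __cookie($set = TRUE)
{
    $rcmail   = rcmail::get_instance();
    $des_key  = $rcmail->config->get('des_key');
    $username = $rcmail->user->data['username'];
    $secret   = $this->__getSecret();
    $lifetime = 2592000; // 30 days, in seconds

    // NOTE(review): PHP exposes the request header as HTTP_USER_AGENT.
    // 'USER_AGENT' is not a standard server key, so this most likely
    // resolves to "" and the cookie is then not bound to the browser.
    // Left unchanged because switching keys invalidates issued cookies.
    $user_agent = hash_hmac('md5', filter_input(INPUT_SERVER, 'USER_AGENT') ?: "", $des_key);

    $key  = hash_hmac('sha256', $username . $secret, $des_key, TRUE);
    $iv   = hash_hmac('md5', $username . $secret, $des_key, TRUE);
    $name = hash_hmac('md5', $username, $des_key);

    if ($set) {
        $expires = time() + $lifetime;

        // Prefer the CSPRNG for the nonce and keep mt_rand() only as a
        // fallback for runtimes without random_int().
        $rand = function_exists('random_int') ? random_int(0, mt_getrandmax()) : mt_rand();

        $signature = hash_hmac(
            'sha512',
            implode("", array($username, $secret, $user_agent, $rand, $expires)),
            $des_key,
            TRUE
        );
        $plain_content = sprintf("%d:%d:%s", $expires, $rand, $signature);

        $encrypted_content = openssl_encrypt($plain_content, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
        if ($encrypted_content === false) {
            return false;
        }

        $b64_encrypted_content = strtr(base64_encode($encrypted_content), '+/=', '-_,');
        rcube_utils::setcookie($name, $b64_encrypted_content, $expires);

        return TRUE;
    }

    // Verify mode. The cookie value is client-controlled, so the pattern is
    // anchored: the whole value must be URL-safe base64 with at most two
    // padding characters, not merely contain such a run.
    $b64_encrypted_content = filter_input(
        INPUT_COOKIE,
        $name,
        FILTER_VALIDATE_REGEXP,
        array('options' => array('regexp' => '/\A[a-zA-Z0-9_-]+,{0,2}\z/'))
    );
    if (!is_string($b64_encrypted_content)
        || $b64_encrypted_content === ''
        || strlen($b64_encrypted_content) % 4 !== 0
    ) {
        return false;
    }

    $encrypted_content = base64_decode(strtr($b64_encrypted_content, '-_,', '+/='), TRUE);
    if ($encrypted_content === false) {
        return false;
    }

    $plain_content = openssl_decrypt($encrypted_content, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    if ($plain_content === false) {
        return false;
    }

    // CBC decryption does not authenticate, so a tampered cookie can still
    // yield arbitrary bytes here. Check the field layout before using it,
    // so a short or non-numeric field cannot cause warnings or a TypeError.
    // The raw signature may contain ':', hence the limit of 3.
    $parts = explode(':', $plain_content, 3);
    if (count($parts) !== 3
        || preg_match('/\A\d+\z/', $parts[0]) !== 1
        || preg_match('/\A\d+\z/', $parts[1]) !== 1
    ) {
        return false;
    }
    list($expires, $rand, $signature) = $parts;

    $now = time();
    $expires_at = (int) $expires;
    if ($expires_at <= $now || $expires_at - $now > $lifetime) {
        return false;
    }

    // The decimal strings from the cookie are fed into the HMAC as-is,
    // matching how the integers were stringified when the cookie was issued.
    $signature_verification = hash_hmac(
        'sha512',
        implode("", array($username, $secret, $user_agent, $rand, $expires)),
        $des_key,
        TRUE
    );

    // Timing-safe comparison from the standard library (PHP >= 5.6).
    return hash_equals($signature_verification, $signature);
}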