# HG changeset patch
# User Dan
# Date 1204415754 18000
# Node ID 1cc8a038ad205fc4106998762ab51e0da4eb8349
# Parent fe8b8c9b54e8c19a4d32b5d1ff109109e85d185f
Fixed improper serializing of IP that could allow reusing of key from multiple IP addresses.
diff -r fe8b8c9b54e8 -r 1cc8a038ad20 includes/sessions.php
--- a/includes/sessions.php Sat Mar 01 18:55:30 2008 -0500
+++ b/includes/sessions.php Sat Mar 01 18:55:54 2008 -0500
@@ -1112,8 +1112,8 @@
 // $keyhash is stored in the database, this is for compatibility with the older DB structure
 $keyhash = md5($session_key);
 // Record the user's IP
- $ip = ip2hex($_SERVER['REMOTE_ADDR']);
- if(!$ip)
+ $ip = $_SERVER['REMOTE_ADDR'];
+ if(!is_valid_ip($ip))
 die('$session->register_session: Remote-Addr was spoofed');
 // The time needs to be stashed to enforce the 15-minute limit on elevated session keys
 $time = time();
@@ -1179,7 +1179,7 @@
 else
 {
 $this->theme = ( isset($_GET['theme']) && isset($template->named_theme_list[$_GET['theme']])) ? $_GET['theme'] : $template->default_theme;
- $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : substr($template->named_theme_list[$this->theme]['default_style'], 0, strlen($template->named_theme_list[$this->theme]['default_style'])-4);
+ $this->style = ( isset($_GET['style']) && file_exists(ENANO_ROOT.'/themes/'.$this->theme . '/css/'.$_GET['style'].'.css' )) ? $_GET['style'] : preg_replace('/\.css$/', '', $template->named_theme_list[$this->theme]['default_style']);
 }
 $this->user_id = 1;
 // This is a VERY special case we are allowing. It lets the installer create languages using the Enano API.
@@ -1250,7 +1250,7 @@
 }
 $row = $db->fetchrow();
 $row['user_id'] =& $row['uid'];
- $ip = ip2hex($_SERVER['REMOTE_ADDR']);
+ $ip = $_SERVER['REMOTE_ADDR'];
 if($row['auth_level'] > $row['user_level'])
 {
 // Failed authorization check
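Review bot: `is_valid_ip()` is now the only guard on `$ip` in the @@ -1112 hunk, because the raw `REMOTE_ADDR` string replaces the hex form and whatever stores or compares it lies further down, outside the hunk. The @@ -1250 hunk makes the same assignment with no `is_valid_ip()` check at all, so the two paths no longer agree on what they accept; I would repeat the check there, or escape `$ip` at the point where it enters a query. The `die()` text also misdescribes the failure: `REMOTE_ADDR` comes from the connection rather than from a request header, so a rejected value more likely means an address form `is_valid_ip()` does not cover than spoofing. If existing session rows still hold the hex form, a comment such as `// stored as text, no longer hex; rows written by older code will not match` would tell the next reader why old sessions stop validating.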
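Review bot: The rewritten `$this->style` line in the @@ -1179 hunk still concatenates `$_GET['style']` into the `file_exists()` path and then keeps the request value as the style name, so a value containing path separators is tested against locations outside the theme's `css/` directory and carried into whatever reads `$this->style` later. Only the fallback expression was changed by this commit. I would constrain the parameter before the existence check, for example `isset($_GET['style']) && is_string($_GET['style']) && preg_match('/^[A-Za-z0-9_-]+$/', $_GET['style']) && file_exists(...)`, which also rejects an array value. The enclosing `else` branch begins above the hunk, so the code that consumes the style is not visible here.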
@@ -3514,4 +3514,20 @@
 }
+/**
+ * Cron task - clears out the database of Diffie-Hellman keys
+ */
+
+function cron_clean_login_cache()
+{
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ if ( !$db->sql_query('DELETE FROM ' . table_prefix . 'diffiehellman;') )
+ $db->_die();
+
+ setConfig('login_key_cache', '');
+}
+
+register_cron_task('cron_clean_login_cache', 72);
+
 ?>
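Review bot: `cron_clean_login_cache()` deletes every row of `diffiehellman` regardless of age, and only once per 72 units of whatever `register_cron_task()` counts, so key material can stay in the table for that whole interval while a key issued just before a run is removed under a login that is still in progress. If the table has a timestamp column (not visible here), deleting only rows older than the login timeout, on a shorter interval, would cover both cases. The docblock should also state that `login_key_cache` is reset and what unit 72 is in, for example `Cron task - empties the diffiehellman table and resets login_key_cache; runs every 72 <unit>`. Of the globals declared, only `$db` is used.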