sessions.php
changeset 74 7719085707d8
parent 44 92dd253f501c
73:1f55c324efcf 74:7719085707d8
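--- a/sessions.php
+++ b/sessions.php
@@ -70,24 +70,29 @@
  */
 
 function session_check()
 {
   global $use_auth, $auth_data;
+  
+  if ( !$use_auth )
+    return true;
+  
   if ( isset($_COOKIE['grey_session']) )
   {
     load_session_data();
     global $session_data;
     if ( isset($session_data[$_COOKIE['grey_session']]) )
     {
       // has a cookie with a valid session ID, check credentials
       $session =& $session_data[$_COOKIE['grey_session']];
       if ( isset($auth_data[$session['user']]) )
       {
-        if ( $session['hash'] === md5($auth_data[$session['user']] . $session['salt']) )
+        $password =& $auth_data[$session['user']];
+        if ( $session['hash'] === hmac_md5($password, $session['salt']) )
         {
           // session is valid, logged in
-          return true;
+          return $session['user'];
         }
       }
     }
   }
   return ( $use_auth ) ? false : true;
@@ -117,11 +122,11 @@
   $sessid = md5(sha1(microtime() . mt_rand()));
   $salt = md5(sha1(md5(mt_rand() . microtime() . microtime() . mt_rand())));
   
   $session_data[$sessid] = array(
       'user' => $username,
-      'hash' => md5($password . $salt),
+      'hash' => hmac_md5($password, $salt),
       'salt' => $salt
     );
   session_commit_db();
   
   return $sessid;
@@ -172,6 +177,65 @@
   }
 }
 
 $session_data = array();
 
+/*
+ * All this HMAC stuff is ported (ok, copied and pasted) from Enano.
+ * Hey, I own the copyright on it.
+ */
+
+function hmac_core($message, $key, $hashfunc)
+{
+  if ( strlen($key) % 2 == 1 )
+    $key .= '0';
+  
+  if ( strlen($key) > 128 )
+    $key = $hashfunc($key);
+  
+  while ( strlen($key) < 128 )
+  {
+    $key .= '00';
+  }
+  $opad = hmac_hexbytearray($key);
+  $ipad = $opad;
+  for ( $i = 0; $i < count($ipad); $i++ )
+  {
+    $opad[$i] = $opad[$i] ^ 0x5c;
+    $ipad[$i] = $ipad[$i] ^ 0x36;
+  }
+  $opad = hmac_bytearraytostring($opad);
+  $ipad = hmac_bytearraytostring($ipad);
+  return $hashfunc($opad . hexdecode($hashfunc($ipad . $message)));
+}
+
+function hmac_hexbytearray($val)
+{
+  $val = hexdecode($val);
+  return hmac_bytearray($val);
+}
+
+function hmac_bytearray($val)
+{
+  $val = str_split($val, 1);
+  foreach ( $val as &$char )
+  {
+    $char = ord($char);
+  }
+  return $val;
+}
+
+function hmac_bytearraytostring($val)
+{
+  foreach ( $val as &$char )
+  {
+    $char = chr($char);
+  }
+  return implode('', $val);
+}
+
+function hmac_md5($message, $key)
+{
+  return hmac_core($message, $key, 'md5');
+}
+
 ?>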
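Review bot: `session_check()` now returns the username on success (new line 93) while still returning `true`/`false` on the other paths, so any caller that tests the result for truthiness will treat a user named `"0"` as logged out; the contract should be documented above the function, e.g. `// Returns the logged-in username, true when auth is disabled, false otherwise; callers must compare against false with !==`, and the call sites checked accordingly. With `$use_auth` already handled by the early return at new lines 76-77, the closing `return ( $use_auth ) ? false : true;` can only ever evaluate to `false` and reads more clearly as `return false;`. In the third hunk, `hmac_core()` treats `$key` as a hex string (it pads with `'0'`/`'00'` characters and, when the key exceeds 128 hex digits, hashes the hex text rather than the raw key bytes), so it is not interchangeable with RFC 2104 or PHP's built-in `hash_hmac('md5', ...)`; a header comment such as `// $key is a hex string, padded or hashed to the 64-byte MD5 block size; not byte-compatible with hash_hmac()` would keep a later maintainer from swapping it in and silently invalidating every stored session hash. The closing brace of `session_check()` lies outside the first hunk.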