|
|
@ -628,15 +628,66 @@ abstract class rcube_session
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|
* Create session cookie from session data
|
|
|
|
* Create session cookie from session data.
|
|
|
|
|
|
|
|
* The cookie will be hashed using a method defined by session.hash_function.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* @param int Time slot to use
|
|
|
|
* @param int Time slot to use
|
|
|
|
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
function _mkcookie($timeslot)
|
|
|
|
protected function _mkcookie($timeslot)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
$auth_string = "$this->key,$this->secret,$timeslot";
|
|
|
|
$auth_string = "$this->key,$this->secret,$timeslot";
|
|
|
|
return "S" . (function_exists('sha1') ? sha1($auth_string) : md5($auth_string));
|
|
|
|
$hash_method = (string) ini_get('session.hash_function');
|
|
|
|
|
|
|
|
$hash_nbits = (int) ini_get('session.hash_bits_per_character');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!$hash_method) {
|
|
|
|
|
|
|
|
$hash_method = 'md5';
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if ($hash_method === '1') {
|
|
|
|
|
|
|
|
$hash_method = 'sha1';
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($hash_nbits < 4 || $hash_nbits > 6) {
|
|
|
|
|
|
|
|
$hash_nbits = 4;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Hash the authentication string
|
|
|
|
|
|
|
|
$hash = openssl_digest($auth_string, $hash_method, true);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Above method returns "hexits". To be really compatible
|
|
|
|
|
|
|
|
// with session hashes generated by PHP core we'll get
|
|
|
|
|
|
|
|
// a raw (binary) hash and convert it to a readable form
|
|
|
|
|
|
|
|
// as in bin_to_readable() function in ext/session/session.c.
|
|
|
|
|
|
|
|
$hextab = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
|
|
|
|
|
|
|
|
$length = strlen($hash);
|
|
|
|
|
|
|
|
$result = '';
|
|
|
|
|
|
|
|
$char = 0;
|
|
|
|
|
|
|
|
$i = 0;
|
|
|
|
|
|
|
|
$have = 0;
|
|
|
|
|
|
|
|
$mask = (1 << $hash_nbits) - 1;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
while (true) {
|
|
|
|
|
|
|
|
if ($have < $hash_nbits) {
|
|
|
|
|
|
|
|
if ($i < $length) {
|
|
|
|
|
|
|
|
$char |= ord($hash[$i++]) << $have;
|
|
|
|
|
|
|
|
$have += 8;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else if (!$have) {
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
|
|
|
|
|
|
|
$have = $hash_nbits;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// consume nbits
|
|
|
|
|
|
|
|
$result .= $hextab[$char & $mask];
|
|
|
|
|
|
|
|
$char >>= $hash_nbits;
|
|
|
|
|
|
|
|
$have -= $hash_nbits;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
/**
|
|
|
|