[Phpgroupware-cvs] [19014] Fix a first admin login heisenbug ...

phpgroupware-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-cvs] [19014] Fix a first admin login heisenbug ...

From:	Caeies
Subject:	[Phpgroupware-cvs] [19014] Fix a first admin login heisenbug ...
Date:	Wed, 10 Dec 2008 17:16:03 +0000

Revision: 19014
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=19014
Author:   Caeies
Date:     2008-12-10 17:16:02 +0000 (Wed, 10 Dec 2008)

Log Message:
-----------
Fix a first admin login heisenbug ... this is kinda a hotfix until we find a 
better way to initialize the crypto object !

Modified Paths:
--------------
    core/trunk/setup/accounts.php

Modified: core/trunk/setup/accounts.php
===================================================================
--- core/trunk/setup/accounts.php       2008-12-10 16:51:25 UTC (rev 19013)
+++ core/trunk/setup/accounts.php       2008-12-10 17:16:02 UTC (rev 19014)
@@ -201,6 +201,14 @@
                $GLOBALS['phpgw']->db       =& $db;
                $GLOBALS['phpgw']->acl          = CreateObject('phpgwapi.acl');
                $GLOBALS['phpgw']->accounts = CreateObject('phpgwapi.accounts');
+               //XXX Dec 08. Caeies : Fix the first admin login when using 
cache as files and that mcrypt is enabled
+               //XXX Dec 08. Caeies : This is stolen from 
phpgwapi/inc/class.sessions.inc.php ... which let me think that's there's a 
design problem there.
+               //XXX Dec 08. Caeies : If a notice or error is triggered from 
here ... then your config was not properly done.
+               //XXX Dec 08. Caeies : note : we rely on the fact that the 
setup use the same session_id than the one which is used for the next session 
generation ... if it not the case ... then 
+               //XXX Dec 08. Caeies : the resulting cached string will not be 
able to be decoded ... hope this don't broke to much thing.
+               //XXX Dec 08. Caeies : btw it's potentially risky not to 
encrypt the session files since the admin password is stored in clear in the 
cache file. no idea for shm.
+               $GLOBALS['phpgw']->crypto->init(array(md5(session_id() . 
$GLOBALS['phpgw_info']['server']['encryptkey']), 
$GLOBALS['phpgw_info']['server']['mcrypt_iv']));
+               
 
                /* Posted admin data */
                // We need to reverse the entities or the password can be 
mangled

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-cvs] [19014] Fix a first admin login heisenbug ..., Caeies <=

Prev by Date: [Phpgroupware-cvs] [19013] Clean: coherence with ged code allowing 3 levels for versions
Next by Date: [Phpgroupware-cvs] [19015] Fix a missing key
Previous by thread: [Phpgroupware-cvs] [19013] Clean: coherence with ged code allowing 3 levels for versions
Next by thread: [Phpgroupware-cvs] [19015] Fix a missing key
Index(es):
- Date
- Thread