Commit fb58dca0 authored by Giovannoni Laurent's avatar Giovannoni Laurent

FEAT #1773 add httpOnly

parent ff347bb4
...@@ -315,7 +315,6 @@ abstract class ObjectControler ...@@ -315,7 +315,6 @@ abstract class ObjectControler
$rows = $database->resultset(); $rows = $database->resultset();
for ($cpt=0;$cpt<count($rows);$cpt++) { for ($cpt=0;$cpt<count($rows);$cpt++) {
print_r($rows[$cpt]);
foreach ($rows[$cpt] as $key => $value) { foreach ($rows[$cpt] as $key => $value) {
if (_ADVANCED_DEBUG) { if (_ADVANCED_DEBUG) {
echo "Getting property: $key with value: $value // "; echo "Getting property: $key with value: $value // ";
......
...@@ -117,20 +117,20 @@ class security extends dbquery ...@@ -117,20 +117,20 @@ class security extends dbquery
$comp =" and STATUS <> 'DEL'"; $comp =" and STATUS <> 'DEL'";
} else { } else {
if ($ra_code <> false) { if ($ra_code <> false) {
$comp = " and password = :param1 and ra_code = '" $comp = " and password = :password and ra_code = '"
. md5($ra_code) . "' and ra_expiration_date >= '" . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' " . md5($ra_code) . "' and ra_expiration_date >= '" . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')"; . "and (loginmode = 'standard' or loginmode = 'sso')";
} }
else { else {
$comp = " and password = :param1 and STATUS <> 'DEL' " $comp = " and password = :password and STATUS <> 'DEL' "
. "and (loginmode = 'standard' or loginmode = 'sso')"; . "and (loginmode = 'standard' or loginmode = 'sso')";
} }
$params = array('password' => $pass);
} }
} else { } else {
$comp = " and password = :param1 and STATUS <> 'DEL'"; $comp = " and password = :password and STATUS <> 'DEL'";
$params = array('password' => $pass);
} }
$params = array('param1' => $pass);
$user = $uc->getWithPDO($s_login, $comp, $params); $user = $uc->getWithPDO($s_login, $comp, $params);
} else { } else {
// #TODO : Not usefull anymore, loginmode field is always in users table // #TODO : Not usefull anymore, loginmode field is always in users table
...@@ -176,7 +176,8 @@ class security extends dbquery ...@@ -176,7 +176,8 @@ class security extends dbquery
// $_SESSION['error'] = ''; // $_SESSION['error'] = '';
setcookie( setcookie(
'maarch', 'UserId=' . $array['UserId'] . '&key=' 'maarch', 'UserId=' . $array['UserId'] . '&key='
. $user->__get('cookie_key'), time() - 3600000 . $user->__get('cookie_key'), time() - 3600000,
0, 0, 0, 1
); );
$key = md5( $key = md5(
time() . '%' . $array['FirstName'] . '%' . $array['UserId'] time() . '%' . $array['FirstName'] . '%' . $array['UserId']
...@@ -194,7 +195,8 @@ class security extends dbquery ...@@ -194,7 +195,8 @@ class security extends dbquery
$uc->save($user, 'up'); $uc->save($user, 'up');
setcookie( setcookie(
'maarch', 'UserId=' . $array['UserId'] . '&key=' 'maarch', 'UserId=' . $array['UserId'] . '&key='
. $key, time() + ($_SESSION['config']['cookietime'] * 1000) . $key, time() + ($_SESSION['config']['cookietime'] * 1000),
0, 0, 0, 1
); );
$array['primarygroup'] = $ugc ->getPrimaryGroup( $array['primarygroup'] = $ugc ->getPrimaryGroup(
$array['UserId'] $array['UserId']
...@@ -319,7 +321,7 @@ class security extends dbquery ...@@ -319,7 +321,7 @@ class security extends dbquery
$_SESSION['user']['Mail'] = $user->__get('mail'); $_SESSION['user']['Mail'] = $user->__get('mail');
$_SESSION['user']['department'] = $user->__get('department'); $_SESSION['user']['department'] = $user->__get('department');
$_SESSION['error'] = ""; $_SESSION['error'] = "";
setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$line->cookie_key,time()-3600000); setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$line->cookie_key,time()-3600000, 0, 0, 0, 1);
$key = md5(time()."%".$_SESSION['user']['FirstName']."%".$_SESSION['user']['UserId']."%".$_SESSION['user']['UserId']."%".date("dmYHmi")."%"); $key = md5(time()."%".$_SESSION['user']['FirstName']."%".$_SESSION['user']['UserId']."%".$_SESSION['user']['UserId']."%".date("dmYHmi")."%");
$user->__set('cookie_key', functions::protect_string_db($key)); $user->__set('cookie_key', functions::protect_string_db($key));
...@@ -329,7 +331,7 @@ class security extends dbquery ...@@ -329,7 +331,7 @@ class security extends dbquery
$user->__set('cookie_date',date("Y-m-d")." ".date("H:m:i")); $user->__set('cookie_date',date("Y-m-d")." ".date("H:m:i"));
$uc->save($user, 'up'); $uc->save($user, 'up');
setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$key,time()+($_SESSION['config']['cookietime']*60)); setcookie("maarch", "UserId=".$_SESSION['user']['UserId']."&key=".$key,time()+($_SESSION['config']['cookietime']*60), 0, 0, 0, 1);
$_SESSION['user']['primarygroup'] = $ugc->getPrimaryGroup($_SESSION['user']['UserId']); $_SESSION['user']['primarygroup'] = $ugc->getPrimaryGroup($_SESSION['user']['UserId']);
$sec_controler = new SecurityControler(); $sec_controler = new SecurityControler();
......
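Review bot: The new `0, 0, 0, 1` tail on every `setcookie(...)` call in this file (hunks at 176, 194, 319 and 329) passes integer `0` for the `$path` and `$domain` parameters; without strict types PHP coerces them to the non-empty string `"0"` and emits `; path=0; domain=0`, and a browser following RFC 6265 will not domain-match `0` against the request host and is expected to discard the cookie, so the login cookie would likely no longer be set at all. Use `'/'` for path, `''` for domain and booleans for the flags, e.g. `time() - 3600000, '/', '', false, true`, and since this commit is about cookie hardening consider deriving the `$secure` argument from the request scheme (`!empty($_SERVER['HTTPS'])`) rather than hard-coding `false`. Separately, the hunk at 117 moves `$params = array('password' => $pass)` into the two `else` branches and drops the unconditional assignment before `getWithPDO`, so the first branch (`$comp =" and STATUS <> 'DEL'"`) now reaches `$uc->getWithPDO($s_login, $comp, $params)` with `$params` undefined unless it is initialised earlier in the method, whose start lies outside the hunk; an `$params = array();` before the `if` restores the old behaviour. The expiry also differs between the two code paths — `$_SESSION['config']['cookietime'] * 1000` at 194 versus `* 60` at 329 — which predates this commit but is worth reconciling while these lines are being touched.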