Add: /core/cookie.class.php for create and encrypt/decrypt cookie value with personnal key
configured in conf.php with $dolibarr_main_cookie_cryptkey
This commit is contained in:
Regis Houssin
parent
865f6198e8
commit
149e232bd3
@ -148,6 +148,16 @@ $dolibarr_main_authentication="dolibarr";
|
||||
$dolibarr_main_force_https="0";
|
||||
|
||||
|
||||
# dolibarr_main_cookie_cryptkey
|
||||
# This parameter contains the key for crypted cookies.
|
||||
# Warning: This parameter must be configured with multicompany module
|
||||
# Default value: 123
|
||||
# Possible values: must be a integer
|
||||
# Examples:
|
||||
# $dolibarr_main_cookie_cryptkey="6589148567895233654";
|
||||
#
|
||||
# $dolibarr_main_cookie_cryptkey="123456789";
|
||||
|
||||
# Parameters used to setup LDAP authentication.
|
||||
# Uncomment them if dolibarr_main_authentication = "ldap"
|
||||
#
|
||||
|
||||
116
htdocs/core/cookie.class.php
Normal file
116
htdocs/core/cookie.class.php
Normal file
@ -0,0 +1,116 @@
|
||||
<?php
|
||||
/* Copyright (C) 2009 Regis Houssin <regis@dolibarr.fr>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
*/
|
||||
|
||||
/**
|
||||
\file htdocs/core/cookie.class.php
|
||||
\ingroup core
|
||||
\version $Id$
|
||||
\brief File of class to manage cookies
|
||||
*/
|
||||
|
||||
|
||||
class DolCookie
|
||||
{
|
||||
var $myKey;
|
||||
var $myCookie;
|
||||
var $myValue;
|
||||
var $myExpire;
|
||||
var $myPath;
|
||||
var $myDomain;
|
||||
var $mySsecure;
|
||||
var $cookiearray;
|
||||
var $cookie;
|
||||
|
||||
/**
|
||||
* \brief Constructor
|
||||
* \param key Personnal key
|
||||
*/
|
||||
function DolCookie($key = 123)
|
||||
{
|
||||
$this->myKey = $key;
|
||||
$this->cookiearray = array();
|
||||
$this->cookie = "";
|
||||
$this->myCookie = "";
|
||||
$this->myValue = "";
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* \brief Encrypt en create the cookie
|
||||
*/
|
||||
function cryptCookie()
|
||||
{
|
||||
$valuecrypt = base64_encode($this->myValue);
|
||||
for ($f=0 ; $f<=strlen($valuecrypt)-1; $f++)
|
||||
{
|
||||
$this->cookie .= intval(ord($valuecrypt[$f]))*$this->myKey."|";
|
||||
}
|
||||
|
||||
setcookie($this->myCookie, $this->cookie, $this->myExpire, $this->myPath, $this->myDomain, $this->mySecure);
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Decrypt the cookie
|
||||
*/
|
||||
function decryptCookie()
|
||||
{
|
||||
$this->cookiearray = explode("|",$_COOKIE[$this->myCookie]);
|
||||
$this->myValue = "" ;
|
||||
for ($f=0 ; $f<=count($this->cookiearray)-2; $f++)
|
||||
{
|
||||
$this->myValue .= strval(chr($this->cookiearray[$f]/$this->myKey));
|
||||
}
|
||||
|
||||
return(base64_decode($this->myValue)) ;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Set and create the cookie
|
||||
* \param cookie Cookie name
|
||||
* \param value Cookie value
|
||||
*/
|
||||
function _setCookie($cookie, $value, $expire=0, $path="/", $domain="", $secure=0)
|
||||
{
|
||||
$this->myCookie = $cookie;
|
||||
$this->myValue = $value;
|
||||
$this->myExpire = $expire;
|
||||
$this->myPath = $path;
|
||||
$this->myDomain = $domain;
|
||||
$this->mySsecure = $secure;
|
||||
|
||||
$this->cryptCookie();
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Get the cookie
|
||||
* \param cookie Cookie name
|
||||
* \param value Cookie value
|
||||
* \return decryptValue Decrypted value
|
||||
*/
|
||||
function _getCookie($cookie)
|
||||
{
|
||||
$this->myCookie = $cookie;
|
||||
|
||||
$decryptValue = $this->decryptCookie();
|
||||
|
||||
return $decryptValue;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
@ -446,7 +446,7 @@ if (! isset($_SESSION["dol_login"]))
|
||||
if (!isset($HTTP_COOKIE_VARS[$entityCookieName]))
|
||||
{
|
||||
$entityCookie = new DolCookie($dolibarr_main_cookie_cryptkey);
|
||||
$entityCookie->_setCookie($entityCookieName, $_POST["entity"]);
|
||||
$entityCookie->_setCookie($entityCookieName, $entity);
|
||||
|
||||
//setcookie($entityCookieName, $entity, 0, "/", "", 0);
|
||||
}
|
||||
|
||||
@ -214,7 +214,11 @@ if (! defined('NOREQUIREDB'))
|
||||
else if (isset($_COOKIE[$entityCookieName])) // Inside a browser navigation
|
||||
{
|
||||
// TODO See to remove this later as it is a security hole
|
||||
$conf->entity = $_COOKIE[$entityCookieName];
|
||||
include_once(DOL_DOCUMENT_ROOT."/core/cookie.class.php");
|
||||
$entityCookie = new DolCookie($dolibarr_main_cookie_cryptkey);
|
||||
$conf->entity = $entityCookie->_getCookie($entityCookieName);
|
||||
|
||||
//$conf->entity = $_COOKIE[$entityCookieName];
|
||||
}
|
||||
elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user