From f43d69faef75703ba662a4169584139fcea62ea8 Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Fri, 8 May 2009 21:17:02 +0000 Subject: [PATCH] =?UTF-8?q?Todo:=20utiliser=20$user->datelastlogin=20pour?= =?UTF-8?q?=20un=20cryptage=20al=E9atoire?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- htdocs/main.inc.php | 5 +++-- htdocs/master.inc.php | 8 ++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 0c319865258..dbd8383c8f5 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php @@ -442,10 +442,11 @@ if (! isset($_SESSION["dol_login"])) $entity = $_POST["entity"]; $entityCookieName = "DOLENTITYID_dolibarr"; - + if (!isset($HTTP_COOKIE_VARS[$entityCookieName])) { - $entityCookie = new DolCookie($dolibarr_main_cookie_cryptkey); + // Todo: utiliser $user->datelastlogin pour un cryptage aléatoire + $entityCookie = new DolCookie($conf->file->main_cookie_cryptkey); $entityCookie->_setCookie($entityCookieName, $entity); //setcookie($entityCookieName, $entity, 0, "/", "", 0); diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php index eef41bf11b3..e2d0f076a69 100644 --- a/htdocs/master.inc.php +++ b/htdocs/master.inc.php @@ -136,6 +136,9 @@ $conf->file->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_m // Define charset for HTML Output (can set hidden value force_charset in conf.php file) if (empty($force_charset_do_notuse)) $force_charset_do_notuse='UTF-8'; $conf->file->character_set_client=strtoupper($force_charset_do_notuse); +// Define the encrypt key for cookie +if (empty($dolibarr_main_cookie_cryptkey)) $dolibarr_main_cookie_cryptkey='123'; +$conf->file->main_cookie_cryptkey=$dolibarr_main_cookie_cryptkey; // Define array of document root directories $conf->file->dol_document_root=array(DOL_DOCUMENT_ROOT); 
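Review bot: The TODO added above `new DolCookie(...)` in htdocs/main.inc.php names `$user->datelastlogin` as the source of randomness for the cookie key, but a last-login timestamp is guessable and is not a secret, so a key derived from it would add little over the static key. This code also runs in the `! isset($_SESSION["dol_login"])` branch shown in the hunk header, where a loaded `$user` may not be available yet (the enclosing block starts outside the hunk, so this is inferred). I would reword the comment to `// TODO: use a per-install random secret for the cookie key; $user->datelastlogin is a guessable timestamp, not key material`, written in English like the comments in master.inc.php.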
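Review bot: The fallback `$dolibarr_main_cookie_cryptkey='123'` added in htdocs/master.inc.php gives every installation whose conf.php does not set the key the same, publicly known key, so the entity cookie can be decrypted and forged by anyone who has read the source. The same value is then consumed by `new DolCookie($conf->file->main_cookie_cryptkey)` in htdocs/main.inc.php and in the second master.inc.php hunk. I would drop the constant and keep the value empty when unset, following the `main_force_https` pattern visible in the hunk header: `$conf->file->main_cookie_cryptkey = empty($dolibarr_main_cookie_cryptkey) ? '' : $dolibarr_main_cookie_cryptkey;`, with callers skipping the encrypted cookie when the key is empty and the installer writing a random key to conf.php. How DolCookie behaves with an empty key is not visible here and needs checking.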
@@ -215,9 +218,10 @@ if (! defined('NOREQUIREDB')) { // TODO See to remove this later as it is a security hole include_once(DOL_DOCUMENT_ROOT."/core/cookie.class.php"); - $entityCookie = new DolCookie($dolibarr_main_cookie_cryptkey); + + $entityCookie = new DolCookie($conf->file->main_cookie_cryptkey); $conf->entity = $entityCookie->_getCookie($entityCookieName); - + //$conf->entity = $_COOKIE[$entityCookieName]; } elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session
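Review bot: The value returned by `_getCookie()` is assigned to `$conf->entity` as-is, so whatever a client-supplied cookie decrypts to selects the entity before a session exists; switching the key source here adds no validation, and the existing TODO already calls this path a security hole. Assuming entity ids are integers (the cookie name `DOLENTITYID_dolibarr` suggests so), I would check the result before use: `$entityFromCookie = $entityCookie->_getCookie($entityCookieName);` followed by `if (ctype_digit((string) $entityFromCookie)) $conf->entity = (int) $entityFromCookie;`. What `_getCookie()` returns for a missing or undecryptable cookie is not visible in this hunk, and the enclosing `if` block starts and ends outside it.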