Feature #20577 ยป 0011280.patch
| t3lib/stddb/tables.sql (Arbeitskopie) | ||
|---|---|---|
|
# Table structure for table 'be_sessions'
|
||
|
#
|
||
|
CREATE TABLE be_sessions (
|
||
|
ses_id varchar(32) DEFAULT '' NOT NULL,
|
||
|
ses_id varchar(40) DEFAULT '' NOT NULL,
|
||
|
ses_name varchar(32) DEFAULT '' NOT NULL,
|
||
|
ses_iplock varchar(39) DEFAULT '' NOT NULL,
|
||
|
ses_hashlock int(11) DEFAULT '0' NOT NULL,
|
||
| t3lib/class.t3lib_userauth.php (Arbeitskopie) | ||
|---|---|---|
|
var $writeAttemptLog = FALSE; // If the writelog() functions is called if a login-attempt has be tried without success
|
||
|
var $sendNoCacheHeaders = TRUE; // If this is set, headers is sent to assure, caching is NOT done
|
||
|
var $getFallBack = FALSE; // If this is set, authentication is also accepted by the $_GET. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones
|
||
|
var $hash_length = 32; // The ident-hash is normally 32 characters and should be! But if you are making sites for WAP-devices og other lowbandwidth stuff, you may shorten the length. Never let this value drop below 6. A length of 6 would give you more than 16 mio possibilities.
|
||
|
var $hash_length = 40; // The ident-hash is normally 40 characters and should be! But if you are making sites for WAP-devices og other lowbandwidth stuff, you may shorten the length. Never let this value drop below 6. A length of 6 would give you more than 16 mio possibilities.
|
||
|
protected $sessionIdHashLength = 16; // The session ID hash has 16 characters by default but could defined to be shorter
|
||
|
var $getMethodEnabled = FALSE; // Setting this flag true lets user-authetication happen from GET_VARS if POST_VARS are not set. Thus you may supply username/password from the URL.
|
||
|
var $lockIP = 4; // If set, will lock the session to the users IP address (all four numbers. Reducing to 1-3 means that only first, second or third part of the IP address is used).
|
||
|
var $lockHashKeyWords = 'useragent'; // Keyword list (commalist with no spaces!): "useragent". Each keyword indicates some information that can be included in a integer hash made to lock down usersessions.
|
||
| ... | ... | |
|
// Internals
|
||
|
var $id; // Internal: Will contain session_id (MD5-hash)
|
||
|
var $cookieId; // Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from $_COOKIE).
|
||
|
protected $sessionIdHash; // Internal: Hash over the sessionId to ensure that TYPO3 created the cookie
|
||
|
var $loginFailure = FALSE; // Indicates if an authentication was started but failed
|
||
|
var $loginSessionStarted = FALSE; // Will be set to true if the login session is actually written during auth-check.
|
||
| ... | ... | |
|
// If fallback to get mode....
|
||
|
if (!$id && $this->getFallBack && $this->get_name) {
|
||
|
$id = isset($_GET[$this->get_name]) ? t3lib_div::_GET($this->get_name) : '';
|
||
|
if (strlen($id)!=$this->hash_length) $id='';
|
||
|
$mode='get';
|
||
|
}
|
||
|
// Extract session ID and the accordant hash:
|
||
|
list($id, $this->sessionIdHash) = explode('-', $id, 2);
|
||
|
// Invalidate session ID if it does not match the expected length
|
||
|
if (strlen($id) != $this->hash_length) {
|
||
|
unset($id);
|
||
|
}
|
||
|
$this->cookieId = $id;
|
||
|
// If new session or client tries to fix session...
|
||
|
if (!$id || !$this->isExistingSessionRecord($id)) {
|
||
|
if (!$id || !$this->sessionIdHash || $this->sessionIdHash !== $this->createSessionIdHash($id) || !$this->isExistingSessionRecord($id)) {
|
||
|
// New random session-$id is made
|
||
|
$id = substr(md5(uniqid('').getmypid()),0,$this->hash_length);
|
||
|
$id = substr(sha1(uniqid(mt_rand(), true) . getmypid()), 0, $this->hash_length);
|
||
|
// New session
|
||
|
$this->newSessionID = TRUE;
|
||
|
}
|
||
|
// Internal var 'id' is set
|
||
|
$this->id = $id;
|
||
|
$this->sessionIdHash = $this->createSessionIdHash($id);
|
||
|
// If fallback to get mode....
|
||
|
if ($mode=='get' && $this->getFallBack && $this->get_name) {
|
||
| ... | ... | |
|
if ($this->isSetSessionCookie()) {
|
||
|
if (!$this->dontSetCookie) {
|
||
|
if ($cookieDomain) {
|
||
|
SetCookie($this->name, $id, 0, '/', $cookieDomain);
|
||
|
setcookie($this->name, $id . '-' . $this->sessionIdHash, 0, '/', $cookieDomain);
|
||
|
} else {
|
||
|
SetCookie($this->name, $id, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
|
||
|
setcookie($this->name, $id . '-' . $this->sessionIdHash, 0, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
|
||
|
}
|
||
|
if ($this->writeDevLog) t3lib_div::devLog('Set new Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
|
||
|
}
|
||
| ... | ... | |
|
if ($this->isRefreshTimeBasedCookie()) {
|
||
|
if (!$this->dontSetCookie) {
|
||
|
if ($cookieDomain) {
|
||
|
SetCookie($this->name, $id, time()+$this->lifetime, '/', $cookieDomain);
|
||
|
setcookie($this->name, $id . '-' . $this->sessionIdHash, time()+$this->lifetime, '/', $cookieDomain);
|
||
|
} else {
|
||
|
SetCookie($this->name, $id, time()+$this->lifetime, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
|
||
|
setcookie($this->name, $id . '-' . $this->sessionIdHash, time()+$this->lifetime, t3lib_div::getIndpEnv('TYPO3_SITE_PATH'));
|
||
|
}
|
||
|
if ($this->writeDevLog) t3lib_div::devLog('Update Cookie: '.$id.($cookieDomain ? ', '.$cookieDomain : ''), 't3lib_userAuth');
|
||
|
}
|
||
| ... | ... | |
|
$GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->session_table, 'ses_id='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->user['ses_id'], $this->session_table), array('ses_data' => $this->user['ses_data']));
|
||
|
}
|
||
|
/**
|
||
|
* Creates a hash of the session ID by using the encryption key.
|
||
|
*
|
||
|
* @param string $sessionId: The session ID to create a hash for
|
||
|
* @return string The created session ID hash
|
||
|
*/
|
||
|
protected function createSessionIdHash($sessionId) {
|
||
|
return t3lib_div::shortMD5($sessionId . ':' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'], $this->sessionIdHashLength);
|
||
|
}
|
||
| ... | ... | |
|
/*************************
|
||
|
*
|
||
|
* Misc
|
||
| typo3/sysext/cms/ext_tables.sql (Arbeitskopie) | ||
|---|---|---|
|
# Table structure for table 'fe_session_data'
|
||
|
#
|
||
|
CREATE TABLE fe_session_data (
|
||
|
hash varchar(32) DEFAULT '' NOT NULL,
|
||
|
hash varchar(40) DEFAULT '' NOT NULL,
|
||
|
content mediumblob,
|
||
|
tstamp int(11) unsigned DEFAULT '0' NOT NULL,
|
||
|
PRIMARY KEY (hash)
|
||
| ... | ... | |
|
# Table structure for table 'fe_sessions'
|
||
|
#
|
||
|
CREATE TABLE fe_sessions (
|
||
|
ses_id varchar(32) DEFAULT '' NOT NULL,
|
||
|
ses_id varchar(40) DEFAULT '' NOT NULL,
|
||
|
ses_name varchar(32) DEFAULT '' NOT NULL,
|
||
|
ses_iplock varchar(39) DEFAULT '' NOT NULL,
|
||
|
ses_hashlock int(11) DEFAULT '0' NOT NULL,
|
||