Bug #23521 » 0015673.patch
| t3lib/stddb/tables.sql (Arbeitskopie) | ||
|---|---|---|
|
ses_tstamp int(11) unsigned DEFAULT '0' NOT NULL,
|
||
|
ses_data longtext,
|
||
|
ses_backuserid int(11) NOT NULL default '0',
|
||
|
ses_verihash varchar(40) DEFAULT '' NOT NULL,
|
||
|
PRIMARY KEY (ses_id,ses_name)
|
||
|
);
|
||
| t3lib/class.t3lib_userauth.php (Arbeitskopie) | ||
|---|---|---|
|
// Internals
|
||
|
var $id; // Internal: Will contain session_id (MD5-hash)
|
||
|
protected $veriHash = ''; // Internal: Verify Hash used in combination with the veriCode (vC)
|
||
|
var $cookieId; // Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from $_COOKIE).
|
||
|
var $loginFailure = FALSE; // Indicates if an authentication was started but failed
|
||
|
var $loginSessionStarted = FALSE; // Will be set to true if the login session is actually written during auth-check.
|
||
| ... | ... | |
|
// Internal var 'id' is set
|
||
|
$this->id = $id;
|
||
|
// Set the verify hash:
|
||
|
$veriHash = t3lib_div::_GP('vH');
|
||
|
$this->veriHash = ($veriHash ? $veriHash : sha1($this->id));
|
||
|
// If fallback to get mode....
|
||
|
if ($mode=='get' && $this->getFallBack && $this->get_name) {
|
||
|
$this->get_URL_ID = '&'.$this->get_name.'='.$id;
|
||
| ... | ... | |
|
'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),
|
||
|
'ses_hashlock' => $this->hashLockClause_getHashInt(),
|
||
|
'ses_userid' => $tempuser[$this->userid_column],
|
||
|
'ses_tstamp' => $GLOBALS['EXEC_TIME']
|
||
|
'ses_tstamp' => $GLOBALS['EXEC_TIME'],
|
||
|
'ses_verihash' => $this->veriHash,
|
||
|
);
|
||
|
}
|
||
| ... | ... | |
|
}
|
||
|
if ($statement && $user) {
|
||
|
if (!$this->id) {
|
||
|
$this->id = $user['ses_id'];
|
||
|
}
|
||
|
// A user was found
|
||
|
if (is_string($this->auth_timeout_field)) {
|
||
|
$timeout = intval($user[$this->auth_timeout_field]); // Get timeout-time from usertable
|
||
| ... | ... | |
|
$statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery(
|
||
|
'*',
|
||
|
$this->session_table . ',' . $this->user_table,
|
||
|
$this->session_table . '.ses_id = :ses_id
|
||
|
$this->session_table . '.ses_verihash = :ses_verihash
|
||
|
AND ' . $this->session_table . '.ses_name = :ses_name
|
||
|
AND ' . $this->session_table . '.ses_userid = ' . $this->user_table . '.' . $this->userid_column . '
|
||
|
' . $ipLockClause['where'] . '
|
||
|
' . $this->user_where_clause()
|
||
|
);
|
||
|
$statement->bindValues(array(
|
||
|
':ses_id' => $this->id,
|
||
|
':ses_name' => $this->name,
|
||
|
':ses_id' => $this->id,
|
||
|
':ses_name' => $this->name,
|
||
|
':ses_verihash' => $this->veriHash,
|
||
|
));
|
||
|
$statement->bindValues($ipLockClause['parameters']);
|
||
|
}
|
||
| ... | ... | |
|
* @return string
|
||
|
*/
|
||
|
public function veriCode() {
|
||
|
return substr(md5($this->id . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
|
||
|
return substr(md5($this->veriHash . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
|
||
|
}
|
||
|
/**
|
||
|
* Gets the current veriHash.
|
||
|
*
|
||
|
* @return string
|
||
|
*/
|
||
|
public function getVeriHash() {
|
||
|
return $this->veriHash;
|
||
|
}
|
||
|
/**
|
||
|
* This returns the where-clause needed to lock a user to a hash integer
|
||
|
*
|
||
|
* @return string
|
||
| typo3/js/flashupload.js (Arbeitskopie) | ||
|---|---|---|
|
swfConfig.post_params = Ext.value(this.uploadPostParams, this.swfDefaultConfig.post_params);
|
||
|
// add the veriCode from the backend.php to verify the session with the flash client
|
||
|
swfConfig.post_params.vC = top.TS.veriCode;
|
||
|
swfConfig.post_params.vH = top.TS.veriHash;
|
||
|
swfConfig.file_types_description = Ext.value(this.uploadFileTypesDescription, this.swfDefaultConfig.file_types_description);
|
||
|
this.setFileTypeRestrictions(this.uploadFileTypes);
|
||
|
return swfConfig;
|
||
| typo3/backend.php (Arbeitskopie) | ||
|---|---|---|
|
'inWorkspace' => $GLOBALS['BE_USER']->workspace !== 0 ? 1 : 0,
|
||
|
'workspaceFrontendPreviewEnabled' => $GLOBALS['BE_USER']->user['workspace_preview'] ? 1 : 0,
|
||
|
'veriCode' => $GLOBALS['BE_USER']->veriCode(),
|
||
|
'veriHash' => $GLOBALS['BE_USER']->getVeriHash(),
|
||
|
'denyFileTypes' => PHP_EXTENSIONS_DEFAULT,
|
||
|
'moduleMenuWidth' => $this->menuWidth - 1,
|
||
|
'topBarHeight' => (isset($GLOBALS['TBE_STYLES']['dims']['topFrameH']) ? intval($GLOBALS['TBE_STYLES']['dims']['topFrameH']) : 30),
|
||
| ... | ... | |
|
this.navFrameWidth = 0;
|
||
|
this.securityLevel = TYPO3.configuration.securityLevel;
|
||
|
this.veriCode = TYPO3.configuration.veriCode;
|
||
|
this.veriHash = TYPO3.configuration.veriHash;
|
||
|
this.denyFileTypes = TYPO3.configuration.denyFileTypes;
|
||
|
}
|
||
|
var TS = new typoSetup();
|
||
| typo3/sysext/cms/ext_tables.sql (Arbeitskopie) | ||
|---|---|---|
|
ses_tstamp int(11) unsigned DEFAULT '0' NOT NULL,
|
||
|
ses_data blob,
|
||
|
ses_permanent tinyint(1) unsigned DEFAULT '0' NOT NULL,
|
||
|
ses_verihash varchar(40) DEFAULT '' NOT NULL,
|
||
|
PRIMARY KEY (ses_id,ses_name)
|
||
|
) ENGINE=InnoDB;
|
||