0015673.patch

Administrator Admin, 2010-09-09 13:17


View differences:

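--- a/t3lib/stddb/tables.sql
+++ b/t3lib/stddb/tables.sql
@@ -48,6 +48,7 @@
   ses_tstamp int(11) unsigned DEFAULT '0' NOT NULL,
   ses_data longtext,
   ses_backuserid int(11) NOT NULL default '0',
+  ses_verihash varchar(40) DEFAULT '' NOT NULL,
   PRIMARY KEY (ses_id,ses_name)
 );
 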
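Review bot: `ses_verihash` is added without an index, although the patched session lookup in t3lib/class.t3lib_userauth.php filters on `ses_verihash` instead of `ses_id` and so can no longer use the `(ses_id,ses_name)` primary key. Adding `KEY ses_verihash (ses_verihash)` after the primary key would cover that query; the same applies to the identical column added in typo3/sysext/cms/ext_tables.sql. As far as the visible lines show, rows written before the upgrade keep the default `''` and cannot be matched by the new lookup until the session is recreated, which is worth stating in the upgrade notes.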
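--- a/t3lib/class.t3lib_userauth.php
+++ b/t3lib/class.t3lib_userauth.php
@@ -157,6 +157,7 @@
 
 		// Internals
 	var $id;							// Internal: Will contain session_id (MD5-hash)
+	protected $veriHash = '';			// Internal: Verify Hash used in combination with the veriCode (vC)
 	var $cookieId;						// Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from $_COOKIE).
 	var $loginFailure = FALSE;			// Indicates if an authentication was started but failed
 	var $loginSessionStarted = FALSE;	// Will be set to true if the login session is actually written during auth-check.
@@ -245,6 +246,10 @@
 			// Internal var 'id' is set
 		$this->id = $id;
 
+			// Set the verify hash:
+		$veriHash = t3lib_div::_GP('vH');
+		$this->veriHash = ($veriHash ? $veriHash : sha1($this->id));
+
 			// If fallback to get mode....
 		if ($mode=='get' && $this->getFallBack && $this->get_name)	{
 			$this->get_URL_ID = '&'.$this->get_name.'='.$id;
@@ -762,7 +767,8 @@
 			'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),
 			'ses_hashlock' => $this->hashLockClause_getHashInt(),
 			'ses_userid' => $tempuser[$this->userid_column],
-			'ses_tstamp' => $GLOBALS['EXEC_TIME']
+			'ses_tstamp' => $GLOBALS['EXEC_TIME'],
+			'ses_verihash' => $this->veriHash,
 		);
 	}
 
@@ -787,6 +793,10 @@
 		}
 
 		if ($statement && $user) {
+			if (!$this->id) {
+				$this->id = $user['ses_id'];
+			}
+
 				// A user was found
 			if (is_string($this->auth_timeout_field))	{
 				$timeout = intval($user[$this->auth_timeout_field]);		// Get timeout-time from usertable
@@ -912,15 +922,16 @@
 				$statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery(
 					'*',
 					$this->session_table . ',' . $this->user_table,
-					$this->session_table . '.ses_id = :ses_id
+					$this->session_table . '.ses_verihash = :ses_verihash
 						AND ' . $this->session_table . '.ses_name = :ses_name
 						AND ' . $this->session_table . '.ses_userid = ' . $this->user_table . '.' . $this->userid_column . '
 						' . $ipLockClause['where'] . '
 						' . $this->user_where_clause()
 				);
 				$statement->bindValues(array(
-					':ses_id'     => $this->id,
-					':ses_name'   => $this->name,
+					':ses_id'       => $this->id,
+					':ses_name'     => $this->name,
+					':ses_verihash' => $this->veriHash,
 				));
 				$statement->bindValues($ipLockClause['parameters']);
 			}
@@ -1012,10 +1023,19 @@
 	 * @return	string
 	 */
 	public function veriCode() {
-		return substr(md5($this->id . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
+		return substr(md5($this->veriHash . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
 	}
 
 	/**
+	 * Gets the current veriHash.
+	 *
+	 * @return string
+	 */
+	public function getVeriHash() {
+		return $this->veriHash;
+	}
+
+	/**
 	 * This returns the where-clause needed to lock a user to a hash integer
 	 *
 	 * @return	string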
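Review bot: `$this->veriHash` is taken straight from the request (`t3lib_div::_GP('vH')`) with no format check, and the same property is then written to `ses_verihash` in the new session record, so a value chosen by the client can become the stored lookup key of a session. The stored value should always be derived on the server, e.g. `'ses_verihash' => sha1($this->id),` in the record array (assuming `ses_id` is filled from `$this->id` there), and the request value accepted only when it looks like a SHA-1 digest: `$this->veriHash = (preg_match('/^[0-9a-f]{40}$/', (string)$veriHash) ? $veriHash : sha1($this->id));`. In the rewritten lookup the placeholder `:ses_id` no longer occurs in the WHERE clause but is still passed to `bindValues()`; depending on the statement class that is either ignored or an error, so the entry should be dropped. The row selected by `ses_verihash` is presumably protected only by `veriCode()`, a 10-character MD5 prefix, which looks thin for what now works as a session credential; a full-length keyed MAC would be a better fit. All of the touched methods start or end outside the visible hunks.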
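--- a/typo3/js/flashupload.js
+++ b/typo3/js/flashupload.js
@@ -280,6 +280,7 @@
 			swfConfig.post_params            = Ext.value(this.uploadPostParams, this.swfDefaultConfig.post_params);
 			// add the veriCode from the backend.php to verify the session with the flash client
 			swfConfig.post_params.vC         = top.TS.veriCode;
+			swfConfig.post_params.vH         = top.TS.veriHash;
 			swfConfig.file_types_description = Ext.value(this.uploadFileTypesDescription, this.swfDefaultConfig.file_types_description);
 			this.setFileTypeRestrictions(this.uploadFileTypes);
 			return swfConfig;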
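--- a/typo3/backend.php
+++ b/typo3/backend.php
@@ -386,6 +386,7 @@
 			'inWorkspace' => $GLOBALS['BE_USER']->workspace !== 0 ? 1 : 0,
 			'workspaceFrontendPreviewEnabled' => $GLOBALS['BE_USER']->user['workspace_preview'] ? 1 : 0,
 			'veriCode' => $GLOBALS['BE_USER']->veriCode(),
+			'veriHash' => $GLOBALS['BE_USER']->getVeriHash(),
 			'denyFileTypes' => PHP_EXTENSIONS_DEFAULT,
 			'moduleMenuWidth' => $this->menuWidth - 1,
 			'topBarHeight' => (isset($GLOBALS['TBE_STYLES']['dims']['topFrameH']) ? intval($GLOBALS['TBE_STYLES']['dims']['topFrameH']) : 30),
@@ -480,6 +481,7 @@
 		this.navFrameWidth = 0;
 		this.securityLevel = TYPO3.configuration.securityLevel;
 		this.veriCode = TYPO3.configuration.veriCode;
+		this.veriHash = TYPO3.configuration.veriHash;
 		this.denyFileTypes = TYPO3.configuration.denyFileTypes;
 	}
 	var TS = new typoSetup();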
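Review bot: `veriHash` is published in the backend JavaScript configuration right next to `veriCode`, and with the lookup change in t3lib/class.t3lib_userauth.php that pair appears to be enough to select a session row without the session cookie. Both values then become credential-equivalent and readable by any script running in the backend frame, which a cookie flagged HttpOnly would not be. If the flash uploader is the only consumer, a short-lived token scoped to uploads would limit the exposure. At minimum both additions deserve a comment such as `// veriHash + veriCode identify the session: treat as secret, keep out of logs and URLs`.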
typo3/sysext/cms/ext_tables.sql (Arbeitskopie)
186 186
  ses_tstamp int(11) unsigned DEFAULT '0' NOT NULL,
187 187
  ses_data blob,
188 188
  ses_permanent tinyint(1) unsigned DEFAULT '0' NOT NULL,
189
  ses_verihash varchar(40) DEFAULT '' NOT NULL,
189 190
  PRIMARY KEY (ses_id,ses_name)
190 191
) ENGINE=InnoDB;
191 192