0015673_v2_trunk.patch

Administrator Admin, 2010-09-09 14:39


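--- a/t3lib/class.t3lib_userauth.php
+++ b/t3lib/class.t3lib_userauth.php
@@ -157,6 +157,7 @@
 
 		// Internals
 	var $id;							// Internal: Will contain session_id (MD5-hash)
+	protected $idHash;					// Internal: MD5 hash of the session id, used in combination with veriCode (vC)
 	var $cookieId;						// Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from $_COOKIE).
 	var $loginFailure = FALSE;			// Indicates if an authentication was started but failed
 	var $loginSessionStarted = FALSE;	// Will be set to true if the login session is actually written during auth-check.
@@ -787,6 +788,10 @@
 		}
 
 		if ($statement && $user) {
+			if (!$this->id) {
+				$this->id = $user['ses_id'];
+			}
+
 				// A user was found
 			if (is_string($this->auth_timeout_field))	{
 				$timeout = intval($user[$this->auth_timeout_field]);		// Get timeout-time from usertable
@@ -912,7 +917,7 @@
 				$statement = $GLOBALS['TYPO3_DB']->prepare_SELECTquery(
 					'*',
 					$this->session_table . ',' . $this->user_table,
-					$this->session_table . '.ses_id = :ses_id
+					'MD5(' . $this->session_table . '.ses_id) = :idhash
 						AND ' . $this->session_table . '.ses_name = :ses_name
 						AND ' . $this->session_table . '.ses_userid = ' . $this->user_table . '.' . $this->userid_column . '
 						' . $ipLockClause['where'] . '
@@ -921,6 +926,7 @@
 				$statement->bindValues(array(
 					':ses_id'     => $this->id,
 					':ses_name'   => $this->name,
+					':idhash'     => $this->getIdHash(),
 				));
 				$statement->bindValues($ipLockClause['parameters']);
 			}
@@ -1012,10 +1018,24 @@
 	 * @return	string
 	 */
 	public function veriCode() {
-		return substr(md5($this->id . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
+		return substr(md5($this->getIdHash() . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);
 	}
 
 	/**
+	 * Gets the current idHash.
+	 *
+	 * @return string
+	 */
+	public function getIdHash() {
+		if (!isset($this->idHash)) {
+			$idHash = t3lib_div::_GP('idHash');
+			$this->idHash = ($idHash ? $idHash : md5($this->id));
+		}
+
+		return $this->idHash;
+	}
+
+	/**
 	 * This returns the where-clause needed to lock a user to a hash integer
 	 *
 	 * @return	string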
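Review bot: In getIdHash() a request-supplied `idHash` (`t3lib_div::_GP('idHash')`) always takes precedence over `md5($this->id)`, and the session lookup now matches `MD5(ses_id) = :idhash`, so the MD5 of the session id acts as a credential equivalent to the session cookie; the visible hunks do not show vC being verified before the parameter is honoured, and the functions enclosing the query and the `$user['ses_id']` fallback start outside the hunks. I would accept the parameter only when no cookie id is present and the value is well-formed, for example `$this->idHash = (!$this->id && preg_match('/^[0-9a-f]{32}$/', (string) $idHash)) ? $idHash : md5($this->id);`, and extend the getIdHash() docblock to say the value is session-equivalent and must not appear in URLs or logs. Two smaller points: `':ses_id' => $this->id` is still bound although its placeholder was removed from the WHERE clause, which some prepared-statement implementations reject, and wrapping `ses_id` in `MD5()` probably prevents an index on that column from being used for every session fetch.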
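--- a/typo3/js/flashupload.js
+++ b/typo3/js/flashupload.js
@@ -280,6 +280,7 @@
 			swfConfig.post_params            = Ext.value(this.uploadPostParams, this.swfDefaultConfig.post_params);
 			// add the veriCode from the backend.php to verify the session with the flash client
 			swfConfig.post_params.vC         = top.TS.veriCode;
+			swfConfig.post_params.idHash     = top.TS.idHash;
 			swfConfig.file_types_description = Ext.value(this.uploadFileTypesDescription, this.swfDefaultConfig.file_types_description);
 			this.setFileTypeRestrictions(this.uploadFileTypes);
 			return swfConfig;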
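--- a/typo3/backend.php
+++ b/typo3/backend.php
@@ -386,6 +386,7 @@
 			'inWorkspace' => $GLOBALS['BE_USER']->workspace !== 0 ? 1 : 0,
 			'workspaceFrontendPreviewEnabled' => $GLOBALS['BE_USER']->user['workspace_preview'] ? 1 : 0,
 			'veriCode' => $GLOBALS['BE_USER']->veriCode(),
+			'idHash' => $GLOBALS['BE_USER']->getIdHash(),
 			'denyFileTypes' => PHP_EXTENSIONS_DEFAULT,
 			'moduleMenuWidth' => $this->menuWidth - 1,
 			'topBarHeight' => (isset($GLOBALS['TBE_STYLES']['dims']['topFrameH']) ? intval($GLOBALS['TBE_STYLES']['dims']['topFrameH']) : 30),
@@ -480,6 +481,7 @@
 		this.navFrameWidth = 0;
 		this.securityLevel = TYPO3.configuration.securityLevel;
 		this.veriCode = TYPO3.configuration.veriCode;
+		this.idHash = TYPO3.configuration.idHash;
 		this.denyFileTypes = TYPO3.configuration.denyFileTypes;
 	}
 	var TS = new typoSetup();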
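Review bot: `'idHash' => $GLOBALS['BE_USER']->getIdHash()` writes into the page's JavaScript configuration a value that, with the session lookup in this patch matching on `MD5(ses_id)`, selects a backend session on its own, so any script running in the backend frame can read it regardless of how the session cookie is protected (cookie flags are not visible here). Before this change only `veriCode` was exposed, and that is a truncated digest mixed with the encryptionKey rather than a session selector. I would prefer a separate short-lived token bound to the upload action over reusing a digest of the session id; if the value stays, add a comment on this array entry such as `// session-equivalent value: only for the Flash uploader POST body, never in URLs or logs`.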