8 years ago · 214f489bd7
--- a/classes/encrypt.class.php
+++ b/classes/encrypt.class.php
@@ -1,34 +0,0 @@
 
				
				-<?
			
 
				
				-/*************************************************************************|
			
 
				
				-|--------------- Encryption class ----------------------------------------|
			
 
				
				-|*************************************************************************|
			
 
				
				-
			
 
				
				-This class handles encryption and decryption, that's all folks.
			
 
				
				-
			
 
				
				-|*************************************************************************/
			
 
				
				-
			
 
				
				-if (!extension_loaded('mcrypt')) {
			
 
				
				-  die('Mcrypt Extension not loaded.');
			
 
				
				-}
			
 
				
				-
			
 
				
				-class CRYPT {
			
 
				
				-  public function encrypt($Str, $Key = ENCKEY) {
			
 
				
				-    srand();
			
 
				
				-    $Str = str_pad($Str, 32 - strlen($Str));
			
 
				
				-    $IVSize = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
			
 
				
				-    $IV = mcrypt_create_iv($IVSize, MCRYPT_RAND);
			
 
				
				-    $CryptStr = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $Key, $Str, MCRYPT_MODE_CBC, $IV);
			
 
				
				-    return base64_encode($IV.$CryptStr);
			
 
				
				-  }
			
 
				
				-
			
 
				
				-  public function decrypt($CryptStr, $Key = ENCKEY) {
			
 
				
				-    if ($CryptStr != '') {
			
 
				
				-      $IV = substr(base64_decode($CryptStr), 0, 16);
			
 
				
				-      $CryptStr = substr(base64_decode($CryptStr), 16);
			
 
				
				-      return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $Key, $CryptStr, MCRYPT_MODE_CBC, $IV));
			
 
				
				-    } else {
			
 
				
				-      return '';
			
 
				
				-    }
			
 
				
				-  }
			
 
				
				-} // class ENCRYPT()
			
 
				
				-?>
			
--- a/classes/script_start.php
+++ b/classes/script_start.php
@@ -51,7 +51,6 @@ ob_start(); //Start a buffer, mainly in case there is a mysql error
 
				
				 require(SERVER_ROOT.'/classes/debug.class.php'); //Require the debug class
			
 
				
				 require(SERVER_ROOT.'/classes/mysql.class.php'); //Require the database wrapper
			
 
				
				 require(SERVER_ROOT.'/classes/cache.class.php'); //Require the caching class
			
 
				
				-require(SERVER_ROOT.'/classes/encrypt.class.php'); //Require the encryption class
			
 
				
				 require(SERVER_ROOT.'/classes/time.class.php'); //Require the time class
			
 
				
				 require(SERVER_ROOT.'/classes/paranoia.class.php'); //Require the paranoia check_paranoia function
			
 
				
				 require(SERVER_ROOT.'/classes/regex.php');
			
@@ -63,7 +62,6 @@ $Debug->set_flag('Debug constructed');
 
				
				 
			
 
				
				 $DB = new DB_MYSQL;
			
 
				
				 $Cache = new CACHE(MEMCACHED_SERVERS);
			
 
				
				-$Enc = new CRYPT;
			
 
				
				 
			
 
				
				 // Autoload classes.
			
 
				
				 require(SERVER_ROOT.'/classes/classloader.php');
			
@@ -93,12 +91,9 @@ list($Classes, $ClassLevels) = Users::get_classes();
 
				
				 // Enabled - if the user's enabled or not
			
 
				
				 // Permissions
			
 
				
				 
			
 
				
				-if (isset($_COOKIE['session'])) {
			
 
				
				-  $LoginCookie = $Enc->decrypt($_COOKIE['session']);
			
 
				
				-}
			
 
				
				-if (isset($LoginCookie)) {
			
 
				
				-  list($SessionID, $LoggedUser['ID']) = explode('|~|', $Enc->decrypt($LoginCookie));
			
 
				
				-  $LoggedUser['ID'] = (int)$LoggedUser['ID'];
			
 
				
				+if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {
			
 
				
				+  $SessionID = $_COOKIE['session'];
			
 
				
				+  $LoggedUser['ID'] = (int)$_COOKIE['userid'];
			
 
				
				 
			
 
				
				   $UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser
			
 
				
				 
			
@@ -138,7 +133,6 @@ if (isset($LoginCookie)) {
 
				
				     $Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);
			
 
				
				   }
			
 
				
				   if ($Enabled == 2) {
			
 
				
				-
			
 
				
				     logout();
			
 
				
				   }
			
 
				
				 
			
--- a/sections/login/index.php
+++ b/sections/login/index.php
@@ -235,16 +235,10 @@ else {
 
				
				               WHERE Username = '".db_string($_POST['username'])."'");
			
 
				
				           }
			
 
				
				           if ($Enabled == 1) {
			
 
				
				-            $SessionID = Users::make_secret();
			
 
				
				-            $Cookie = $Enc->encrypt($Enc->encrypt($SessionID.'|~|'.$UserID));
			
 
				
				-
			
 
				
				-            if (isset($_POST['keeplogged']) && $_POST['keeplogged']) {
			
 
				
				-              $KeepLogged = 1;
			
 
				
				-              setcookie('session', $Cookie, time() + 60 * 60 * 24 * 365, '/', '', true, true);
			
 
				
				-            } else {
			
 
				
				-              $KeepLogged = 0;
			
 
				
				-              setcookie('session', $Cookie, 0, '/', '', true, true);
			
 
				
				-            }
			
 
				
				+            $SessionID = Users::make_secret(64);
			
 
				
				+            $KeepLogged = ($_POST['keeplogged'] ?? false) ? 1 : 0;
			
 
				
				+            setcookie('session', $SessionID, (time()+60*60*24*365)*$KeepLogged, '/', '', true, true);
			
 
				
				+            setcookie('userid', $UserID, (time()+60*60*24*365)*$KeepLogged, '/', '', true, true);
			
 
				
				 
			
 
				
				             // Because we <3 our staff
			
 
				
				             $Permissions = Permissions::get_permissions($PermissionID);