514 if ( !empty($key) && ( strlen($key) / 2 ) % 4 == 0 ) |
514 if ( !empty($key) && ( strlen($key) / 2 ) % 4 == 0 ) |
515 { |
515 { |
516 $super = $this->validate_session($key); |
516 $super = $this->validate_session($key); |
517 } |
517 } |
518 } |
518 } |
519 if(is_array($super)) |
519 if(is_array(@$super)) |
520 { |
520 { |
521 $this->auth_level = intval($super['auth_level']); |
521 $this->auth_level = intval($super['auth_level']); |
522 $this->sid_super = $_REQUEST['auth']; |
522 $this->sid_super = $_REQUEST['auth']; |
523 } |
523 } |
524 } |
524 } |
3229 // shared between the two systems from here on out |
3229 // shared between the two systems from here on out |
3230 |
3230 |
3231 // decrypt user info |
3231 // decrypt user info |
3232 $aes_key = hexdecode($aes_key); |
3232 $aes_key = hexdecode($aes_key); |
3233 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
3233 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
3234 $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX); |
3234 // using "true" here disables caching of the decrypted login info (which includes the password) |
|
3235 $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX, true); |
3235 if ( !$userinfo_json ) |
3236 if ( !$userinfo_json ) |
3236 { |
3237 { |
3237 return array( |
3238 return array( |
3238 'mode' => 'error', |
3239 'mode' => 'error', |
3239 'error' => 'ERR_AES_DECRYPT_FAILED' |
3240 'error' => 'ERR_AES_DECRYPT_FAILED' |