includes/sessions.php
changeset 518 2b826f2640e9
parent 511 f88c8c79d784
child 525 3f2dfdb99be4
--- a/includes/sessions.php	Tue Apr 01 01:26:22 2008 -0400
+++ b/includes/sessions.php	Sun Apr 06 14:02:20 2008 -0400
@@ -516,7 +516,7 @@
               $super = $this->validate_session($key);
             }
           }
-          if(is_array($super))
+          if(is_array(@$super))
           {
             $this->auth_level = intval($super['auth_level']);
             $this->sid_super = $_REQUEST['auth'];
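Review bot: The `@` in `is_array(@$super)` hides the undefined-variable notice instead of giving `$super` a defined value on the paths where `validate_session($key)` is never reached. This branch sets `auth_level` from `$super` and `sid_super` from `$_REQUEST['auth']`, so the "no elevated session" state should be explicit rather than an unset variable. Initialise `$super = null;` before the conditional that may assign it and keep `if(is_array($super))`, or write `if(isset($super) && is_array($super))` here. The enclosing block starts above this hunk, so where the initialisation belongs cannot be confirmed from these lines.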
@@ -3231,7 +3231,8 @@
         // decrypt user info
         $aes_key = hexdecode($aes_key);
         $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
-        $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX);
+        // using "true" here disables caching of the decrypted login info (which includes the password)
+        $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX, true);
         if ( !$userinfo_json )
         {
           return array(
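Review bot: Passing a bare `true` as the fourth argument to `decrypt()` makes the no-cache behaviour opt-in per call site, so any other caller that decrypts credentials or session keys still gets the caching default. Those callers are not visible in this hunk and should be audited alongside this change. The comment would be clearer if it named the argument, for example `// 4th argument = no-cache: keep the decrypted login info (which includes the password) out of AESCrypt's plaintext cache`. Since `$userinfo_json` now holds the only plaintext copy, consider `unset($userinfo_json);` once it has been parsed; the rest of the function lies outside this hunk, so that may already happen.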