Split calculateAuthHash out from generateAuthHash. API is sessionless, so we just want provide a means of getting the auth hash without caching or do anything else fancy with it.
This commit is contained in:
parent
8dd1c67c1c
commit
fffe72a3fa
|
@ -208,6 +208,14 @@ function getAuthUser($auth) {
|
||||||
return null;
|
return null;
|
||||||
} // end getAuthUser($auth)
|
} // end getAuthUser($auth)
|
||||||
|
|
||||||
|
function calculateAuthHash($remoteAddr) {
|
||||||
|
global $user;
|
||||||
|
$local_time = localtime();
|
||||||
|
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$remoteAddr.$local_time[2].$local_time[3].$local_time[4].$local_time[5];
|
||||||
|
#ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] );
|
||||||
|
return md5($authKey);
|
||||||
|
}
|
||||||
|
|
||||||
function generateAuthHash($useRemoteAddr, $force=false) {
|
function generateAuthHash($useRemoteAddr, $force=false) {
|
||||||
global $user;
|
global $user;
|
||||||
if (ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($user['Username']) and isset($user['Password']) and isset($_SESSION)) {
|
if (ZM_OPT_USE_AUTH and (ZM_AUTH_RELAY == 'hashed') and isset($user['Username']) and isset($user['Password']) and isset($_SESSION)) {
|
||||||
|
@ -218,16 +226,8 @@ function generateAuthHash($useRemoteAddr, $force=false) {
|
||||||
|
|
||||||
# Appending the remoteAddr prevents us from using an auth hash generated for a different ip
|
# Appending the remoteAddr prevents us from using an auth hash generated for a different ip
|
||||||
if ($force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime )) {
|
if ($force or ( !isset($_SESSION['AuthHash'.$_SESSION['remoteAddr']]) ) or ( $_SESSION['AuthHashGeneratedAt'] < $mintime )) {
|
||||||
|
$auth = calculateAuthHash($useRemoteAddr?$_SESSION['remoteAddr']:'');
|
||||||
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
|
# Don't both regenerating Auth Hash if an hour hasn't gone by yet
|
||||||
$local_time = localtime();
|
|
||||||
$authKey = '';
|
|
||||||
if ($useRemoteAddr) {
|
|
||||||
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$_SESSION['remoteAddr'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
|
|
||||||
} else {
|
|
||||||
$authKey = ZM_AUTH_HASH_SECRET.$user['Username'].$user['Password'].$local_time[2].$local_time[3].$local_time[4].$local_time[5];
|
|
||||||
}
|
|
||||||
#ZM\Debug("Generated using hour:".$local_time[2] . ' mday:' . $local_time[3] . ' month:'.$local_time[4] . ' year: ' . $local_time[5] );
|
|
||||||
$auth = md5($authKey);
|
|
||||||
$_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth;
|
$_SESSION['AuthHash'.$_SESSION['remoteAddr']] = $auth;
|
||||||
$_SESSION['AuthHashGeneratedAt'] = $time;
|
$_SESSION['AuthHashGeneratedAt'] = $time;
|
||||||
# Because we don't write out the session, it shouldn't actually get written out to disk. However if it does, the GeneratedAt should protect us.
|
# Because we don't write out the session, it shouldn't actually get written out to disk. However if it does, the GeneratedAt should protect us.
|
||||||
|
|
Loading…
Reference in New Issue