/////////////////////////////////////////////////////////
// include/write_sinc.inc
// (C)Copyright 2001-2002 Ryo Chijiiwa <Ryo@IlohaMail.org>
// This file is part of IlohaMail. IlohaMail is free software released
// under the GPL license. See enclosed file COPYING for details, or
// see http://www.fsf.org/copyleft/gpl.html
/////////////////////////////////////////////////////////
/********************************************************
1. Generate session ID
2. Read user preference settings from data source, and write into session file.
$user_name - User name
$new_user - true if new user, else false
Session file (in the form of a PHP include) is written into sessions folder,
with file name $user.".inc".
This file is fairly specific to the file-based data back-end. For DB-based
back-ends, session data should be registered.
-password (clear or encrypted)
-time of login (optional)
How to crack the session/password encryption mechanism:
If you know the user name, host, and session ID
1. Get session encryption key in user's directory
2. Access session file.
If you don't know the user name, but have a session ID
1. Get IP address the session was opened from
2. Encrypt path using IP address
(in reverse order, no '.'s, as string)
(e.g. 127.0.0.1 -> "100127")
3. Access user's directory and get session key
********************************************************/
// Resolves the per-user preferences directory. This listing is an excerpt, so
// only part of the body is visible: $user and $host are lower-cased, joined as
// "<user>.<host>" with every "/" and "\" removed, and appended to $USER_DIR;
// the visible lines then test whether that path exists and call
// mkdir($path, 0700).
// $created is taken by reference; where it is set is not shown here.
// NOTE(review): only path separators are stripped from the name. Confirm that
// callers reject empty or otherwise unexpected $user/$host values before they
// are turned into a directory name.
// NOTE(review): $USER_DIR is read inside the function but no global
// declaration is visible in this excerpt - confirm it is in scope.
// NOTE(review): ereg_replace() was removed in PHP 7; preg_replace() is the
// supported replacement.
function GetPrefsFolder($user, $host, &$created){
$user = strtolower($user);
$host = strtolower($host);
$path = $USER_DIR.ereg_replace("[\\/]", "", $user.".".$host);
if (@file_exists(realpath($path))){
if (@mkdir($path, 0700)){
// Overlays stored settings onto the array passed in as $result (the callers in
// this file pass the defaults from $init). Only part of the body is visible:
// each entry of $lines is split at ":" and the base64-decoded value is stored
// in $result under that key. Where $lines is read from is not shown -
// presumably $file; confirm.
// NOTE(review): a line without ":" leaves $val unset, so that key ends up with
// an empty value; malformed lines are not skipped in the visible code.
// NOTE(review): each() was removed in PHP 8; foreach is the replacement.
function GetSettings($result, $file){
if (is_array($lines)){
while ( list($k, $line) = each($lines) ){
list($key, $val) = explode(":", $line);
$result[$key] = base64_decode($val);
include_once("../include/array2php.inc");
// find user's directory, or create one
$path=GetPrefsFolder($user_name, $host, $new_user);
if (!isset($session)){
// NOTE(review): the session ID is the login time plus five decimal digits, so
// it carries at most 100,000 possibilities for a given login second; the
// randomness source inside GenerateRandomString() is not shown here. A session
// identifier should carry at least 128 bits from a CSPRNG (random_bytes() on
// PHP 7+).
// NOTE(review): this branch runs only when $session is not already set -
// confirm $session can never be pre-populated from request variables.
$session=time()."-".GenerateRandomString(5,"0123456789");
// generate random session key
$key=GenerateMessage(strlen($password)+5);
// save session key in $userPath/key.inc
$fp=fopen($path."/key.inc", 'w');
// The session key is stored as PHP source in key.inc under the user's folder.
// NOTE(review): $key is placed unescaped inside a double-quoted PHP literal,
// so this relies on GenerateMessage() never emitting '"', '\' or '$' - confirm.
// NOTE(review): the key is requested with length strlen($password)+5, so the
// size of key.inc presumably tracks the password length.
// key.inc lets anyone who can read it decrypt the session file; keep the user
// directory outside the web root and readable only by the PHP process.
fputs($fp, '<?php $passkey="'.$key.'"; ?>');
// encrypt login ID, host, and passwords
$encpass = EncryptMessage($key, $password);
$encHost = EncryptMessage($key, $host);
$encUser = EncryptMessage($key, $user_name);
$ipkey = InitSessionEncKey($session);
$encPath = EncryptMessage($ipkey, $path);
// dynamically generate code to put in session include file.
// The encrypted values below are embedded in double-quoted PHP string
// literals inside generated code.
// NOTE(review): nothing visible escapes them, so this relies on
// EncryptMessage() output never containing '"', '\' or '$' - confirm, or
// encode the values (e.g. base64) before writing them into source.
$string.="function GetPassword(){ return \"".$encpass."\";}\n";
$string.="function GetHost(){ return \"".$encHost."\"; }\n";
$string.="function GetUserName(){ return \"".$encUser."\";}\n";
$string.="\$userPath=\"".$encPath."\";\n";
// NOTE(review): $port is emitted unquoted into PHP source that is later
// loaded as an include, so its content becomes code. No validation of $port is
// visible in this excerpt; cast it first ((int)$port) so that only an integer
// can reach the generated file.
$string.="\$port=".$port.";\n";
// write code to session include file (in sessions folder)
// NOTE(review): the file name is built from $user, which this excerpt never
// assigns - confirm it holds the generated session ID and not request input.
// The session file contains the encrypted password, host and user name; keep
// $SESSION_DIR outside the document root so .inc files cannot be fetched
// directly, and create the file with owner-only permissions.
$session_file_path = $SESSION_DIR.$user.".inc";
$fp=fopen($session_file_path, 'w');
if (!fputs($fp,$string))
$error.= "Failed to write to \"$session_file_path\"\n";
$error .= "Failed to open \"$session_file_path\"\n";
echo "filesystem error";
// initialize $my_prefs, and create $userPath/prefs.inc file
if (@file_exists(realpath($path."/prefs"))) $my_prefs = GetSettings($init["my_prefs"], $path."/prefs");
else $my_prefs = $init["my_prefs"];
include("../include/save_prefs.inc");
// initialize $my_colors, and create $userPath/colors.inc file
if (@file_exists(realpath($path."/colors"))) $my_colors = GetSettings($init["my_colors"], $path."/colors");
else $my_colors = $init["my_colors"];
include("../include/save_colors.inc");
$error .= "Couldn't create user dir<br>\n";