Changeset 3437 for branches/2.2/security

Timestamp:

10/29/10 10:14:12 (14 years ago)

Author:

rafaelraymundo

Message:

Ticket #990 - Vulnerabilidades no Anti robo Captcha do Login.

File:

• branches/2.2/security/captcha.php (modified) (1 diff)

branches/2.2/security/captcha.php

@@ -106 +106 @@
  
  // ************  Fim da Classe  *************************
- 
- 
-  //Cria o CAPTCHA( gera o string e a imagem ...
+
+function session_convert($str,$ky='')
+    {
+        if($ky=='') return $str;
+        $ky=str_replace(chr(32),'',$ky);
+        if(strlen($ky)<8) return '';
+        $kl=strlen($ky)<32?strlen($ky):32;
+        $k=array();
+        for($i=0;$i<$kl;$i++)
+            {
+                $k[$i]=ord($ky{$i})&0x1F;
+            }
+        $j=0;
+        for($i=0;$i<strlen($str);$i++)
+            {
+                $e=ord($str{$i});
+                $str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e);
+                $j++;$j=$j==$kl?0:$j;
+            }
+        return $str;
+    }
+
+  $key_convert = md5_file($_SERVER["DOCUMENT_ROOT"].'header.inc.php');
+  //Cria o CAPTCHA,  gera o string e a imagem ...
   $GLOBALS['captcha'] = new captcha;
   // Guarda o string do captcha na session...
-  session_id($_REQUEST['xsid']); 
+  session_name('ZABX');
+  session_id(substr(session_convert(base64_decode($_REQUEST['ZABX']),$key_convert),32));
   session_start(); 
   $_SESSION['CAPTCHAString'] = $GLOBALS['captcha'] ->GetCaptchaString();