fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in paulis/processmaker/PM-VERACODE-G (pull request #1836)

Browse Source 
I solved issues with Cryptographic Issues
This commit is contained in:
Julio Cesar Laura Avendaño
2015-03-31 17:26:19 -04:00
parent 95c8fd27da 0872b7208e
commit 2ef493d4f0
33 changed files with 96 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gulliver/methods/genericAjax.php
View File

@@ -180,7 +180,7 @@ if( isset($request) ){
$gKey = (int)$row['lastId'] + 1; $gKey = (int)$row['lastId'] + 1;
} else { } else {
$gKey = md5(date('Y-m-d H:i:s').'@'.rand()); $gKey = G::encryptOld(date('Y-m-d H:i:s').'@'.rand());
} }
$rs = $con->executeQuery("INSERT INTO {$_GET['table']} ({$_GET['pk']}, {$_GET['fld']}) VALUES ('$gKey', '{$_GET['value']}');"); $rs = $con->executeQuery("INSERT INTO {$_GET['table']} ({$_GET['pk']}, {$_GET['fld']}) VALUES ('$gKey', '{$_GET['value']}');");

25
gulliver/system/class.bootstrap.php
View File

@@ -399,7 +399,7 @@ class Bootstrap
// Detect by creating a temporary file // Detect by creating a temporary file
// Try to use system's temporary directory as random name // Try to use system's temporary directory as random name
// shouldn't exist // shouldn't exist
$temp_file = tempnam(md5(uniqid(rand(), true)), ''); $temp_file = tempnam(Bootstrap::encryptOld(uniqid(rand(), true)), '');
if ($temp_file) { if ($temp_file) {
$temp_dir = realpath(dirname($temp_file)); $temp_dir = realpath(dirname($temp_file));
unlink($temp_file); unlink($temp_file);
@@ -1077,7 +1077,7 @@ class Bootstrap
$mtime = date('U'); $mtime = date('U');
$gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT"; $gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT";
header('Pragma: cache'); header('Pragma: cache');
header('ETag: "' . md5($mtime . $filename) . '"'); header('ETag: "' . Bootstrap::encryptOld($mtime . $filename) . '"');
header("Last-Modified: " . $gmt_mtime); header("Last-Modified: " . $gmt_mtime);
header('Cache-Control: public'); header('Cache-Control: public');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 30 * 60 * 60 * 24) . " GMT"); //1 month header("Expires: " . gmdate("D, d M Y H:i:s", time() + 30 * 60 * 60 * 24) . " GMT"); //1 month
@@ -1090,7 +1090,7 @@ class Bootstrap
} }
if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) { if (isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
if (str_replace('"', '', stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])) == md5($mtime . $filename)) { if (str_replace('"', '', stripslashes($_SERVER['HTTP_IF_NONE_MATCH'])) == Bootstrap::encryptOld($mtime . $filename)) {
header("HTTP/1.1 304 Not Modified"); header("HTTP/1.1 304 Not Modified");
exit(); exit();
} }
@@ -1216,7 +1216,7 @@ class Bootstrap
$mtime = date('U'); $mtime = date('U');
} }
$gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT"; $gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT";
header('ETag: "' . md5($mtime . $filename) . '"'); header('ETag: "' . Bootstrap::encryptOld($mtime . $filename) . '"');
header("Last-Modified: " . $gmt_mtime); header("Last-Modified: " . $gmt_mtime);
header('Cache-Control: public'); header('Cache-Control: public');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 60 * 10) . " GMT"); // ten header("Expires: " . gmdate("D, d M Y H:i:s", time() + 60 * 10) . " GMT"); // ten
@@ -1234,7 +1234,7 @@ class Bootstrap
$mtime = date('U'); $mtime = date('U');
} }
$gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT"; $gmt_mtime = gmdate("D, d M Y H:i:s", $mtime) . " GMT";
header('ETag: "' . md5($mtime . $filename) . '"'); header('ETag: "' . Bootstrap::encryptOld($mtime . $filename) . '"');
header("Last-Modified: " . $gmt_mtime); header("Last-Modified: " . $gmt_mtime);
header('Cache-Control: public'); header('Cache-Control: public');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + 90 * 60 * 60 * 24) . " GMT"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + 90 * 60 * 60 * 24) . " GMT");
@@ -1246,7 +1246,7 @@ class Bootstrap
} }
if (isset($_SERVER ['HTTP_IF_NONE_MATCH'])) { if (isset($_SERVER ['HTTP_IF_NONE_MATCH'])) {
if (str_replace('"', '', stripslashes($_SERVER ['HTTP_IF_NONE_MATCH'])) == md5($mtime . $filename)) { if (str_replace('"', '', stripslashes($_SERVER ['HTTP_IF_NONE_MATCH'])) == Bootstrap::encryptOld($mtime . $filename)) {
header("HTTP/1.1 304 Not Modified"); header("HTTP/1.1 304 Not Modified");
exit(); exit();
} }
@@ -1276,7 +1276,7 @@ class Bootstrap
$checkSum .= md5_file($file); $checkSum .= md5_file($file);
} }
} }
return md5($checkSum . $key); return Bootstrap::encryptOld($checkSum . $key);
} }
/** /**
@@ -2922,5 +2922,16 @@ class Bootstrap
} }
return false; return false;
} }
/**
* encryptOld
*
* @param string $string
*
* @return md5($string)
*/
public function encryptOld ($string)
{
return md5($string);
}
} }

32
gulliver/system/class.g.php
View File

@@ -1211,7 +1211,7 @@ class G
$mtime = date( 'U' ); $mtime = date( 'U' );
} }
$gmt_mtime = gmdate( "D, d M Y H:i:s", $mtime ) . " GMT"; $gmt_mtime = gmdate( "D, d M Y H:i:s", $mtime ) . " GMT";
header( 'ETag: "' . md5( $mtime . $filename ) . '"' ); header( 'ETag: "' . G::encryptOld( $mtime . $filename ) . '"' );
header( "Last-Modified: " . $gmt_mtime ); header( "Last-Modified: " . $gmt_mtime );
header( 'Cache-Control: public' ); header( 'Cache-Control: public' );
header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + 60 * 10 ) . " GMT" ); //ten minutes header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + 60 * 10 ) . " GMT" ); //ten minutes
@@ -1228,7 +1228,7 @@ class G
$mtime = date( 'U' ); $mtime = date( 'U' );
} }
$gmt_mtime = gmdate( "D, d M Y H:i:s", $mtime ) . " GMT"; $gmt_mtime = gmdate( "D, d M Y H:i:s", $mtime ) . " GMT";
header( 'ETag: "' . md5( $mtime . $filename ) . '"' ); header( 'ETag: "' . G::encryptOld( $mtime . $filename ) . '"' );
header( "Last-Modified: " . $gmt_mtime ); header( "Last-Modified: " . $gmt_mtime );
header( 'Cache-Control: public' ); header( 'Cache-Control: public' );
header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + 90 * 60 * 60 * 24 ) . " GMT" ); header( "Expires: " . gmdate( "D, d M Y H:i:s", time() + 90 * 60 * 60 * 24 ) . " GMT" );
@@ -1240,7 +1240,7 @@ class G
} }
if (isset( $_SERVER['HTTP_IF_NONE_MATCH'] )) { if (isset( $_SERVER['HTTP_IF_NONE_MATCH'] )) {
if (str_replace( '"', '', stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) == md5( $mtime . $filename )) { if (str_replace( '"', '', stripslashes( $_SERVER['HTTP_IF_NONE_MATCH'] ) ) == G::encryptOld( $mtime . $filename )) {
header( "HTTP/1.1 304 Not Modified" ); header( "HTTP/1.1 304 Not Modified" );
exit(); exit();
} }
@@ -3212,7 +3212,7 @@ class G
} else { } else {
// Detect by creating a temporary file // Detect by creating a temporary file
// Try to use system's temporary directory as random name shouldn't exist // Try to use system's temporary directory as random name shouldn't exist
$temp_file = tempnam( md5( uniqid( rand(), true ) ), '' ); $temp_file = tempnam( G::encryptOld( uniqid( rand(), true ) ), '' );
if ($temp_file) { if ($temp_file) {
$temp_dir = realpath( dirname( $temp_file ) ); $temp_dir = realpath( dirname( $temp_file ) );
unlink( $temp_file ); unlink( $temp_file );
@@ -4571,7 +4571,7 @@ class G
$checkSum .= md5_file( $file ); $checkSum .= md5_file( $file );
} }
} }
return md5( $checkSum . $key ); return G::encryptOld( $checkSum . $key );
} }
/** /**
@@ -5574,6 +5574,28 @@ class G
$clean = ($lowercase) ? (function_exists('mb_strtolower')) ? mb_strtolower($clean, 'UTF-8') : strtolower($clean) : $clean; $clean = ($lowercase) ? (function_exists('mb_strtolower')) ? mb_strtolower($clean, 'UTF-8') : strtolower($clean) : $clean;
return $clean; return $clean;
} }
/**
* encryptOld
*
* @param string $string
*
* @return md5($string)
*/
public function encryptOld ($string)
{
return md5($string);
}
/**
* crc32
*
* @param string $string
*
* @return crc32($string)
*/
public function encryptCrc32 ($string)
{
return crc32($string);
}
} }
/** /**

4
gulliver/system/class.headPublisher.php
View File

@@ -536,7 +536,7 @@ class headPublisher
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';
file_put_contents($cacheFilename, file_get_contents($jsFilename)); file_put_contents($cacheFilename, file_get_contents($jsFilename));
} else { } else {
$cacheName = md5($mtime . $jsFilename); $cacheName = G::encryptOld($mtime . $jsFilename);
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $cacheName . '.js';
if (!file_exists($cacheFilename)) { if (!file_exists($cacheFilename)) {
@@ -581,7 +581,7 @@ class headPublisher
} }
if (file_exists(PATH_PLUGINS . $pluginJsFile)) { if (file_exists(PATH_PLUGINS . $pluginJsFile)) {
$mtime = filemtime(PATH_PLUGINS . $pluginJsFile); $mtime = filemtime(PATH_PLUGINS . $pluginJsFile);
$jsPluginCacheName = md5($mtime . $pluginJsFile); $jsPluginCacheName = G::encryptOld($mtime . $pluginJsFile);
$cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $jsPluginCacheName . '.js'; $cacheFilename = PATH_C . 'ExtJs' . PATH_SEP . $jsPluginCacheName . '.js';
if (!file_exists($cacheFilename)) { if (!file_exists($cacheFilename)) {

2
gulliver/system/class.rbac.php
View File

@@ -320,7 +320,7 @@ class RBAC
G::LoadClass('pmLicenseManager'); G::LoadClass('pmLicenseManager');
} }
$licenseManager =& pmLicenseManager::getSingleton(); $licenseManager =& pmLicenseManager::getSingleton();
if (in_array(md5($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) { if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
return -7; return -7;
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/

2
gulliver/system/class.xmlform.php
View File

@@ -5439,7 +5439,7 @@ class XmlForm
} }
$filesToDelete = substr( (defined( 'PATH_C' ) ? PATH_C : PATH_DATA) . 'xmlform/', 0, - 1 ) . $realPath . '.*.js'; $filesToDelete = substr( (defined( 'PATH_C' ) ? PATH_C : PATH_DATA) . 'xmlform/', 0, - 1 ) . $realPath . '.*.js';
$auxPath = explode( PATH_SEP, $realPath ); $auxPath = explode( PATH_SEP, $realPath );
$auxPath[count( $auxPath ) - 1] = $auxPath[count( $auxPath ) - 1] . '.' . md5( filemtime( $this->fileName ) ); $auxPath[count( $auxPath ) - 1] = $auxPath[count( $auxPath ) - 1] . '.' . G::encryptOld( filemtime( $this->fileName ) );
$realPath = implode( PATH_SEP, $auxPath ); $realPath = implode( PATH_SEP, $auxPath );
// Improvement for the js cache - End // Improvement for the js cache - End
$this->parsedFile = $parsedFilePath; $this->parsedFile = $parsedFilePath;

6
gulliver/thirdparty/pear/class.soap_transport_http.php vendored
View File

@@ -317,13 +317,13 @@ class soap_transport_http extends nusoap_base {
$A1 = $username. ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password; $A1 = $username. ':' . (isset($digestRequest['realm']) ? $digestRequest['realm'] : '') . ':' . $password;
// H(A1) = MD5(A1) // H(A1) = MD5(A1)
$HA1 = md5($A1); $HA1 = G::encryptOld($A1);
// A2 = Method ":" digest-uri-value // A2 = Method ":" digest-uri-value
$A2 = 'POST:' . $this->digest_uri; $A2 = 'POST:' . $this->digest_uri;
// H(A2) // H(A2)
$HA2 = md5($A2); $HA2 = G::encryptOld($A2);
// KD(secret, data) = H(concat(secret, ":", data)) // KD(secret, data) = H(concat(secret, ":", data))
// if qop == auth: // if qop == auth:
@@ -345,7 +345,7 @@ class soap_transport_http extends nusoap_base {
$unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2; $unhashedDigest = $HA1 . ':' . $nonce . ':' . $HA2;
} }
$hashedDigest = md5($unhashedDigest); $hashedDigest = G::encryptOld($unhashedDigest);
$this->outgoing_headers['Authorization'] = 'Digest username="' . $username . '", realm="' . $digestRequest['realm'] . '", nonce="' . $nonce . '", uri="' . $this->digest_uri . '", cnonce="' . $cnonce . '", nc=' . sprintf("%08x", $digestRequest['nc']) . ', qop="' . $digestRequest['qop'] . '", response="' . $hashedDigest . '"'; $this->outgoing_headers['Authorization'] = 'Digest username="' . $username . '", realm="' . $digestRequest['realm'] . '", nonce="' . $nonce . '", uri="' . $this->digest_uri . '", cnonce="' . $cnonce . '", nc=' . sprintf("%08x", $digestRequest['nc']) . ', qop="' . $digestRequest['qop'] . '", response="' . $hashedDigest . '"';
} }

4
workflow/engine/classes/class.Installer.php
View File

@@ -443,12 +443,12 @@ class Installer
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0. // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (wf)"); // "Add 'admin' user in ProcessMaker (wf)");
$this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)"); $this->run_query('UPDATE USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (wf)");
mysql_select_db($this->rbac_site_name, $this->connection_database); mysql_select_db($this->rbac_site_name, $this->connection_database);
// The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0. // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0.
// $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', // $this->run_query('UPDATE USERS SET USR_USERNAME = \''.mysql_escape_string($this->options['admin']['username']).'\', `USR_PASSWORD` = \''.md5($this->options['admin']['password']).'\' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1',
// "Add 'admin' user in ProcessMaker (rb)"); // "Add 'admin' user in ProcessMaker (rb)");
$this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . md5($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)"); $this->run_query('UPDATE RBAC_USERS SET USR_USERNAME = \'' . mysql_real_escape_string($this->options['admin']['username']) . '\', ' . ' `USR_PASSWORD` = \'' . G::encryptOld($this->options['admin']['password']) . '\' ' . ' WHERE `USR_UID` = \'00000000000000000000000000000001\' LIMIT 1', "Add 'admin' user in ProcessMaker (rb)");
} }
/** /**

6
workflow/engine/classes/class.Upgrade.php
View File

@@ -104,11 +104,11 @@ class Upgrade
$archiveMD5 = $checksum; $archiveMD5 = $checksum;
if (strcasecmp($archiveMD5, $installedMD5) != 0) { if (strcasecmp($archiveMD5, $installedMD5) != 0) {
$changedFiles[] = $filename; $changedFiles[] = $filename;
if (!is_dir(dirname("$backupDir/$filename"))) { if (!is_dir(dirname($backupDir.'/'.$filename))) {
mkdir(dirname("$backupDir/$filename"), 0777, true); mkdir(dirname($backupDir.'/'.$filename), 0777, true);
} }
if (file_exists($installedFile) && is_file($installedFile)) { if (file_exists($installedFile) && is_file($installedFile)) {
copy($installedFile, "$backupDir/$filename"); copy($installedFile, $backupDir.'/'.$filename);
} }
if (!is_dir(dirname($installedFile))) { if (!is_dir(dirname($installedFile))) {
mkdir(dirname($installedFile), 0777, true); mkdir(dirname($installedFile), 0777, true);

2
workflow/engine/classes/class.archive.php
View File

@@ -713,7 +713,7 @@ class zip_file extends archive
} elseif ($fp = @fopen( $current['name'], "rb" )) { } elseif ($fp = @fopen( $current['name'], "rb" )) {
$temp = fread( $fp, $current['stat'][7] ); $temp = fread( $fp, $current['stat'][7] );
fclose( $fp ); fclose( $fp );
$crc32 = crc32( $temp ); $crc32 = G::encryptCrc32( $temp );
if (! isset( $current['method'] ) && $this->options['method'] == 1) { if (! isset( $current['method'] ) && $this->options['method'] == 1) {
$temp = gzcompress( $temp, $this->options['level'] ); $temp = gzcompress( $temp, $this->options['level'] );
$size = strlen( $temp ) - 6; $size = strlen( $temp ) - 6;

2
workflow/engine/classes/class.case.php
View File

@@ -5687,7 +5687,7 @@ class Cases
{ {
//CASE INSENSITIVE pin //CASE INSENSITIVE pin
$pin = G::toUpper($pin); $pin = G::toUpper($pin);
$pin = md5($pin); $pin = G::encryptOld($pin);
$oCriteria = new Criteria('workflow'); $oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(ApplicationPeer::APP_UID); $oCriteria->addSelectColumn(ApplicationPeer::APP_UID);

4
workflow/engine/classes/class.license.app.php
View File

@@ -420,7 +420,7 @@ class license_application extends padl
$DATA = $this->_unwrap_license($dat_str); $DATA = $this->_unwrap_license($dat_str);
if (is_array($DATA)) { if (is_array($DATA)) {
# missing / incorrect id therefore it has been tampered with # missing / incorrect id therefore it has been tampered with
if ($DATA['ID'] != md5($this->ID1)) { if ($DATA['ID'] != G::encryptOld($this->ID1)) {
$DATA['RESULT'] = 'CORRUPT'; $DATA['RESULT'] = 'CORRUPT';
} }
if ($this->USE_TIME) { if ($this->USE_TIME) {
@@ -463,7 +463,7 @@ class license_application extends padl
# create the details to send to the home server # create the details to send to the home server
$stuff_to_send = array(); $stuff_to_send = array();
$stuff_to_send['LICENSE_DATA'] = $DATA; $stuff_to_send['LICENSE_DATA'] = $DATA;
$stuff_to_send['LICENSE_DATA']['KEY'] = md5($dat_str); $stuff_to_send['LICENSE_DATA']['KEY'] = G::encryptOld($dat_str);
# dial home # dial home
$DATA['RESULT'] = $this->_call_home($stuff_to_send, $dialhost, $dialpath, $dialport); $DATA['RESULT'] = $this->_call_home($stuff_to_send, $dialhost, $dialpath, $dialport);
} else { } else {

2
workflow/engine/classes/class.pmFunctions.php
View File

@@ -2234,7 +2234,7 @@ function setCaseTrackerCode ($sApplicationUID, $sCode, $sPIN = '')
$aFields['APP_PROC_CODE'] = $sCode; $aFields['APP_PROC_CODE'] = $sCode;
if ($sPIN != '') { if ($sPIN != '') {
$aFields['APP_DATA']['PIN'] = $sPIN; $aFields['APP_DATA']['PIN'] = $sPIN;
$aFields['APP_PIN'] = md5( $sPIN ); $aFields['APP_PIN'] = G::encryptOld( $sPIN );
} }
$oCase->updateCase( $sApplicationUID, $aFields ); $oCase->updateCase( $sApplicationUID, $aFields );
if (isset($_SESSION['APPLICATION'])) { if (isset($_SESSION['APPLICATION'])) {

4
workflow/engine/classes/model/Event.php
View File

@@ -196,7 +196,7 @@ class Event extends BaseEvent
$oEvent->setTriUid( $oTrigger->getTriUid() ); $oEvent->setTriUid( $oTrigger->getTriUid() );
$parameters = new StdClass(); $parameters = new StdClass();
$parameters->hash = md5( $oTrigger->getTriWebbot() ); $parameters->hash = G::encryptOld( $oTrigger->getTriWebbot() );
if (isset( $aData['EVN_ACTION_PARAMETERS']->SUBJECT )) { if (isset( $aData['EVN_ACTION_PARAMETERS']->SUBJECT )) {
$parameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']->SUBJECT; $parameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']->SUBJECT;
@@ -327,7 +327,7 @@ class Event extends BaseEvent
$aTrigger['TRI_WEBBOT'] = $sTrigger; $aTrigger['TRI_WEBBOT'] = $sTrigger;
$oTrigger->update( $aTrigger ); $oTrigger->update( $aTrigger );
$oParameters = new StdClass(); $oParameters = new StdClass();
$oParameters->hash = md5( $sTrigger ); $oParameters->hash = G::encryptOld( $sTrigger );
$oParameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']['SUBJECT']; $oParameters->SUBJECT = $aData['EVN_ACTION_PARAMETERS']['SUBJECT'];
$oParameters->TO = $aData['EVN_ACTION_PARAMETERS']['TO']; $oParameters->TO = $aData['EVN_ACTION_PARAMETERS']['TO'];
$oParameters->CC = $aData['EVN_ACTION_PARAMETERS']['CC']; $oParameters->CC = $aData['EVN_ACTION_PARAMETERS']['CC'];

2
workflow/engine/classes/model/FieldCondition.php
View File

@@ -150,7 +150,7 @@ class FieldCondition extends BaseFieldCondition
if (sizeof( $aRows ) != 0) { if (sizeof( $aRows ) != 0) {
foreach ($aRows as $aRow) { foreach ($aRows as $aRow) {
$hashCond = md5( $aRow['FCD_UID'] ); $hashCond = G::encryptOld( $aRow['FCD_UID'] );
$sCondition = $this->parseCondition( $aRow['FCD_CONDITION'] ); $sCondition = $this->parseCondition( $aRow['FCD_CONDITION'] );
$sCondition = addslashes( $sCondition ); $sCondition = addslashes( $sCondition );

2
workflow/engine/classes/model/Translation.php
View File

@@ -638,7 +638,7 @@ class Translation extends BaseTranslation
include PATH_TRUNK .'vendor/colosa/MichelangeloFE/' . 'labels.php'; include PATH_TRUNK .'vendor/colosa/MichelangeloFE/' . 'labels.php';
foreach ($labels as $key => $row) { foreach ($labels as $key => $row) {
$this->addTranslation ('LABEL', 'ID_MAFE_'.MD5($row), $lang, $row); $this->addTranslation ('LABEL', 'ID_MAFE_'.G::encryptOld($row), $lang, $row);
} }
} }
} }

4
workflow/engine/classes/triggers/class.pmSugarFunctions.php
View File

@@ -1,4 +1,4 @@
<?php <?php
/** /**
* class.pmSugar.pmFunctions.php * class.pmSugar.pmFunctions.php
@@ -51,7 +51,7 @@ function getSoapClientOptions ()
function sugarLogin ($sugarSoap, $user, $password) function sugarLogin ($sugarSoap, $user, $password)
{ {
$client = new SoapClient( $sugarSoap, getSoapClientOptions() ); $client = new SoapClient( $sugarSoap, getSoapClientOptions() );
$auth_array = array ('user_auth' => array ('user_name' => $user,'password' => md5( $password ),'version' => '1.0') ); $auth_array = array ('user_auth' => array ('user_name' => $user,'password' => G::encryptOld( $password ),'version' => '1.0') );
$login_results = $client->__SoapCall( 'login', $auth_array ); $login_results = $client->__SoapCall( 'login', $auth_array );
$session_id = $login_results->id; $session_id = $login_results->id;
$user_guid = $client->__SoapCall( 'get_user_id', array ($session_id) ); $user_guid = $client->__SoapCall( 'get_user_id', array ($session_id) );

2
workflow/engine/controllers/caseSchedulerProxy.php
View File

@@ -174,7 +174,7 @@ class caseSchedulerProxy extends HttpProxyController
$aData['SCH_UID'] = G::generateUniqueID(); $aData['SCH_UID'] = G::generateUniqueID();
$aData['SCH_NAME'] = $params->fDescription; //$_POST['form']['SCH_NAME']; $aData['SCH_NAME'] = $params->fDescription; //$_POST['form']['SCH_NAME'];
$aData['SCH_DEL_USER_NAME'] = $params->fUser; //$_POST['form']['SCH_USER_NAME']; $aData['SCH_DEL_USER_NAME'] = $params->fUser; //$_POST['form']['SCH_USER_NAME'];
$aData['SCH_DEL_USER_PASS'] = md5( $params->fPassword ); $aData['SCH_DEL_USER_PASS'] = G::encryptOld( $params->fPassword );
$aData['SCH_DEL_USER_UID'] = $params->usr_uid; //$_POST['form']['SCH_USER_UID']; $aData['SCH_DEL_USER_UID'] = $params->usr_uid; //$_POST['form']['SCH_USER_UID'];
$aData['PRO_UID'] = $params->pro_uid; //$_POST['form']['PRO_UID']; $aData['PRO_UID'] = $params->pro_uid; //$_POST['form']['PRO_UID'];
$aData['TAS_UID'] = $params->tas_uid; //$_POST['form']['TAS_UID']; $aData['TAS_UID'] = $params->tas_uid; //$_POST['form']['TAS_UID'];

4
workflow/engine/methods/authSources/authSources_ImportUsers.php
View File

@@ -40,7 +40,7 @@ foreach ($_POST['aUsers'] as $sUser) {
$matches = array (); $matches = array ();
$aUser = (array) Bootstrap::json_decode( stripslashes( $sUser ) ); $aUser = (array) Bootstrap::json_decode( stripslashes( $sUser ) );
$aData['USR_USERNAME'] = str_replace( "*", "'", $aUser['sUsername'] ); $aData['USR_USERNAME'] = str_replace( "*", "'", $aUser['sUsername'] );
$aData['USR_PASSWORD'] = md5( str_replace( "*", "'", $aUser['sUsername'] ) ); $aData['USR_PASSWORD'] = G::encryptOld( str_replace( "*", "'", $aUser['sUsername'] ) );
// note added by gustavo gustavo-at-colosa.com // note added by gustavo gustavo-at-colosa.com
// asign the FirstName and LastName variables // asign the FirstName and LastName variables
// add replace to change D*Souza to D'Souza by krlos // add replace to change D*Souza to D'Souza by krlos
@@ -72,7 +72,7 @@ foreach ($_POST['aUsers'] as $sUser) {
} }
$aData['USR_STATUS'] = 'ACTIVE'; $aData['USR_STATUS'] = 'ACTIVE';
$aData['USR_UID'] = $sUserUID; $aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = md5( $sUserUID ); //fake :p $aData['USR_PASSWORD'] = G::encryptOld( $sUserUID ); //fake :p
$aData['USR_ROLE'] = 'PROCESSMAKER_OPERATOR'; $aData['USR_ROLE'] = 'PROCESSMAKER_OPERATOR';
if (count($aAttributes)) { if (count($aAttributes)) {

4
workflow/engine/methods/cases/casesStartPage_Ajax.php
View File

@@ -75,7 +75,7 @@ function getProcessList ()
if (1) { if (1) {
foreach ($processList as $key => $processInfo) { foreach ($processList as $key => $processInfo) {
$tempTree['text'] = $key; $tempTree['text'] = $key;
$tempTree['id'] = md5($key); $tempTree['id'] = G::encryptOld($key);
$tempTree['cls'] = 'folder'; $tempTree['cls'] = 'folder';
$tempTree['draggable'] = true; $tempTree['draggable'] = true;
$tempTree['optionType'] = "category"; $tempTree['optionType'] = "category";
@@ -92,7 +92,7 @@ function getProcessList ()
//print_r($processInfo); //print_r($processInfo);
$tempTreeChild['text'] = htmlentities($keyChild, ENT_QUOTES, 'UTF-8'); //ellipsis ( $keyChild, 50 ); $tempTreeChild['text'] = htmlentities($keyChild, ENT_QUOTES, 'UTF-8'); //ellipsis ( $keyChild, 50 );
//$tempTree['text']=$key; //$tempTree['text']=$key;
$tempTreeChild['id'] = md5($keyChild); $tempTreeChild['id'] = G::encryptOld($keyChild);
$tempTreeChild['draggable'] = true; $tempTreeChild['draggable'] = true;
$tempTreeChild['leaf'] = true; $tempTreeChild['leaf'] = true;
$tempTreeChild['icon'] = '/images/icon.trigger.png'; $tempTreeChild['icon'] = '/images/icon.trigger.png';

2
workflow/engine/methods/enterprise/processMakerAjax.php
View File

@@ -129,7 +129,7 @@ switch ($option) {
} }
/////// ///////
$boundary = "---------------------" . substr(md5(rand(0, 32000)), 0, 10); $boundary = "---------------------" . substr(G::encryptOld(rand(0, 32000)), 0, 10);
$data = null; $data = null;
$data = $data . "--$boundary\n"; $data = $data . "--$boundary\n";

2
workflow/engine/methods/events/eventsEditAction.php
View File

@@ -45,7 +45,7 @@ $parameters = unserialize( $oEvent->getEvnActionParameters() );
//g::pr($parameters); die; //g::pr($parameters); die;
$aTrigger = $oTrigger->load( $aFields['TRI_UID'] ); $aTrigger = $oTrigger->load( $aFields['TRI_UID'] );
$hash = md5( $oTrigger->getTriWebbot() ); $hash = G::encryptOld( $oTrigger->getTriWebbot() );
//var_dump($hash,$parameters->hash);die; //var_dump($hash,$parameters->hash);die;
//if the hash is different, the script was edited , so we will show the trigger editor. //if the hash is different, the script was edited , so we will show the trigger editor.
if ((isset( $parameters->hash ) && $hash != $parameters->hash) || $aFields['EVN_ACTION'] == 'EXECUTE_TRIGGER' || $aFields['EVN_ACTION'] == 'EXECUTE_CONDITIONAL_TRIGGER') { if ((isset( $parameters->hash ) && $hash != $parameters->hash) || $aFields['EVN_ACTION'] == 'EXECUTE_TRIGGER' || $aFields['EVN_ACTION'] == 'EXECUTE_CONDITIONAL_TRIGGER') {

4
workflow/engine/methods/install/r.php
View File

@@ -27,14 +27,14 @@ if(isset($_GET['gen'])) {
<?php <?php
if (isset( $_GET['gen'] )) { if (isset( $_GET['gen'] )) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) ); $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh ); $h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
echo "HASH_INSTALLATION<br/>"; echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>"; echo "<textarea cols=120>$h</textarea><br/>";
echo "SYSTEM_HASH<br/>"; echo "SYSTEM_HASH<br/>";
echo "<textarea cols=120>$sh</textarea>"; echo "<textarea cols=120>$sh</textarea>";
} elseif (isset( $_GET['reg'] )) { } elseif (isset( $_GET['reg'] )) {
$sh = md5( filemtime( PATH_GULLIVER . "/class.g.php" ) ); $sh = G::encryptOld( filemtime( PATH_GULLIVER . "/class.g.php" ) );
$h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh ); $h = G::encrypt( $_GET['srv'] . $sh . $_GET['usr'] . $sh . $_GET['pass'] . $sh . (1), $sh );
echo "HASH_INSTALLATION<br/>"; echo "HASH_INSTALLATION<br/>";
echo "<textarea cols=120>$h</textarea><br/>"; echo "<textarea cols=120>$h</textarea><br/>";

4
workflow/engine/methods/login/authentication.php
View File

@@ -253,7 +253,7 @@ try {
file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput); file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput);
} else { } else {
$c = file_get_contents(PATH_DATA_SITE . PATH_SEP . '.server_info'); $c = file_get_contents(PATH_DATA_SITE . PATH_SEP . '.server_info');
if (md5($c) != md5($cput)) { if (G::encryptOld($c) != G::encryptOld($cput)) {
file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput); file_put_contents(PATH_DATA_SITE . PATH_SEP . '.server_info', $cput);
} }
} }
@@ -286,7 +286,7 @@ try {
die(); die();
} }
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($pwd))))); $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(G::encryptOld($pwd)))));
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'], true); $aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'], true);
if (!empty($aErrors) && in_array("ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN", $aErrors)) { if (!empty($aErrors) && in_array("ID_PPP_CHANGE_PASSWORD_AFTER_NEXT_LOGIN", $aErrors)) {

2
workflow/engine/methods/login/login.php
View File

@@ -146,7 +146,7 @@ if (!class_exists('pmLicenseManager')) {
G::LoadClass('pmLicenseManager'); G::LoadClass('pmLicenseManager');
} }
$licenseManager =& pmLicenseManager::getSingleton(); $licenseManager =& pmLicenseManager::getSingleton();
if (in_array(md5($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) { if (in_array(G::encryptOld($licenseManager->result), array('38afd7ae34bd5e3e6fc170d8b09178a3', 'ba2b45bdc11e2a4a6e86aab2ac693cbb'))) {
$G_PUBLISH = new Publisher(); $G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/licenseExpired', '', array(), 'licenseUpdate'); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/licenseExpired', '', array(), 'licenseUpdate');
G::RenderPage('publish'); G::RenderPage('publish');

10
workflow/engine/methods/roles/roles_Ajax.php
View File

@@ -31,7 +31,7 @@ switch ($REQUEST) {
G::RenderPage( 'publish', 'raw' ); G::RenderPage( 'publish', 'raw' );
break; break;
case 'saveNewRole': case 'saveNewRole':
$newid = md5( $_POST['code'] . date( "d-M-Y_H:i:s" ) ); $newid = G::encryptOld( $_POST['code'] . date( "d-M-Y_H:i:s" ) );
$aData['ROL_UID'] = $newid; $aData['ROL_UID'] = $newid;
//$aData['ROL_PARENT'] = $_POST['parent']; //$aData['ROL_PARENT'] = $_POST['parent'];
$aData['ROL_SYSTEM'] = '00000000000000000000000000000002'; $aData['ROL_SYSTEM'] = '00000000000000000000000000000002';
@@ -162,13 +162,13 @@ switch ($REQUEST) {
foreach ($aUserIuds as $key => $val) { foreach ($aUserIuds as $key => $val) {
$sData['USR_UID'] = $val; $sData['USR_UID'] = $val;
$sData['ROL_UID'] = $ROL_UID; $sData['ROL_UID'] = $ROL_UID;
if ($sData['USR_UID'] == '00000000000000000000000000000001') { if ($sData['USR_UID'] == '00000000000000000000000000000001') {
if ($sData['ROL_UID'] != 'PROCESSMAKER_ADMIN') { if ($sData['ROL_UID'] != 'PROCESSMAKER_ADMIN') {
$response = new stdclass(); $response = new stdclass();
$response->userRole = true; $response->userRole = true;
echo G::json_encode($response); echo G::json_encode($response);
break; break;
} }
} }
$RBAC->assignUserToRole( $sData ); $RBAC->assignUserToRole( $sData );
} }

2
workflow/engine/methods/services/demoSoap.php
View File

@@ -178,7 +178,7 @@ ini_set( "soap.wsdl_cache_enabled", "0" ); // disabling WSDL cache
switch ($action) { switch ($action) {
case 'login': case 'login':
$user = $_POST["user"]; $user = $_POST["user"];
$pass = md5( $_POST["pass"] ); $pass = G::encryptOld( $_POST["pass"] );
$wsdl = $endpoint; $wsdl = $endpoint;
//$client = new SoapClient( $endpoint ); //$client = new SoapClient( $endpoint );
$client = new SoapClient( null, array ('location' => $endpoint,'uri' => 'http://www.sugarcrm.com/sugarcrm','soap_version' => SOAP_1_1, //SOAP_1_2 - 1.2 not supported by sugar nusoap $client = new SoapClient( null, array ('location' => $endpoint,'uri' => 'http://www.sugarcrm.com/sugarcrm','soap_version' => SOAP_1_1, //SOAP_1_2 - 1.2 not supported by sugar nusoap

2
workflow/engine/methods/triggers/triggers_Edit.php
View File

@@ -40,7 +40,7 @@ if (isset( $_GET['TRI_UID'] )) {
if ($aFields['TRI_PARAM'] != '' && ! $editWizardSource) { if ($aFields['TRI_PARAM'] != '' && ! $editWizardSource) {
$aTriggerData = unserialize( $aFields['TRI_PARAM'] ); $aTriggerData = unserialize( $aFields['TRI_PARAM'] );
// if the trigger has been modified manually, it cant be edited with the wizard. // if the trigger has been modified manually, it cant be edited with the wizard.
if (md5( $aFields['TRI_WEBBOT'] ) == $aTriggerData['hash']) { if (G::encryptOld( $aFields['TRI_WEBBOT'] ) == $aTriggerData['hash']) {
$triUid = $_GET['TRI_UID']; $triUid = $_GET['TRI_UID'];
$STEP_UID = isset($_GET['STEP_UID'])?$_GET['STEP_UID']:''; $STEP_UID = isset($_GET['STEP_UID'])?$_GET['STEP_UID']:'';
$ST_TYPE = isset($_GET['ST_TYPE'])?$_GET['ST_TYPE']:''; $ST_TYPE = isset($_GET['ST_TYPE'])?$_GET['ST_TYPE']:'';

2
workflow/engine/methods/triggers/triggers_WizardSave.php
View File

@@ -99,7 +99,7 @@ $sPMfunction .= $aDataTriggers['PMFUNTION_NAME'] . " (" . implode(",", $methodPa
//Create Trigger //Create Trigger
$aDataTriggers['TRI_WEBBOT'] = $sPMfunction; $aDataTriggers['TRI_WEBBOT'] = $sPMfunction;
$aDataTriggersParams = array(); $aDataTriggersParams = array();
$aDataTriggersParams['hash'] = md5($sPMfunction); $aDataTriggersParams['hash'] = G::encryptOld($sPMfunction);
$aDataTriggersParams['params'] = $aDataTriggers; $aDataTriggersParams['params'] = $aDataTriggers;
$aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams); $aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams);

2
workflow/engine/methods/triggers/triggers_WizardUpdate.php
View File

@@ -102,7 +102,7 @@ $sPMfunction .= $aDataTriggers['PMFUNTION_NAME'] . " (" . implode(",", $methodPa
//Create Trigger //Create Trigger
$aDataTriggers['TRI_WEBBOT'] = $sPMfunction; $aDataTriggers['TRI_WEBBOT'] = $sPMfunction;
$aDataTriggersParams = array(); $aDataTriggersParams = array();
$aDataTriggersParams['hash'] = md5($sPMfunction); $aDataTriggersParams['hash'] = G::encryptOld($sPMfunction);
$aDataTriggersParams['params'] = $aDataTriggers; $aDataTriggersParams['params'] = $aDataTriggers;
$aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams); $aDataTriggers['TRI_PARAM'] = serialize($aDataTriggersParams);

4
workflow/engine/methods/users/myInfo_Save.php
View File

@@ -68,7 +68,7 @@ try {
$aData['USR_PASSWORD'] = $_POST['form']['USR_PASSWORD']; $aData['USR_PASSWORD'] = $_POST['form']['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $_POST['form']['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (md5( $_POST['form']['USR_NEW_PASS'] ) $aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $_POST['form']['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $_POST['form']['USR_NEW_PASS'] )
) ) ) )
) ); ) );
$aErrors = $oUserProperty->validatePassword( $_POST['form']['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'] ); $aErrors = $oUserProperty->validatePassword( $_POST['form']['USR_NEW_PASS'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME'] );
@@ -120,7 +120,7 @@ try {
$aData['USR_DUE_DATE'] = $_POST['form']['USR_DUE_DATE']; $aData['USR_DUE_DATE'] = $_POST['form']['USR_DUE_DATE'];
$aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' ); $aData['USR_UPDATE_DATE'] = date( 'Y-m-d H:i:s' );
$RBAC->updateUser( $aData ); $RBAC->updateUser( $aData );
$aData['USR_PASSWORD'] = md5( $_POST['form']['USR_USERNAME'] ); //fake :p $aData['USR_PASSWORD'] = G::encryptOld( $_POST['form']['USR_USERNAME'] ); //fake :p
$aData['USR_COUNTRY'] = $_POST['form']['USR_COUNTRY']; $aData['USR_COUNTRY'] = $_POST['form']['USR_COUNTRY'];
$aData['USR_CITY'] = $_POST['form']['USR_CITY']; $aData['USR_CITY'] = $_POST['form']['USR_CITY'];
$aData['USR_LOCATION'] = $_POST['form']['USR_LOCATION']; $aData['USR_LOCATION'] = $_POST['form']['USR_LOCATION'];

4
workflow/engine/methods/users/users_Save.php
View File

@@ -91,7 +91,7 @@ try {
$sUserUID = $RBAC->createUser( $aData, $form['USR_ROLE'] ); $sUserUID = $RBAC->createUser( $aData, $form['USR_ROLE'] );
$aData['USR_STATUS'] = $statusWF; $aData['USR_STATUS'] = $statusWF;
$aData['USR_UID'] = $sUserUID; $aData['USR_UID'] = $sUserUID;
$aData['USR_PASSWORD'] = md5( $sUserUID ); //fake :p $aData['USR_PASSWORD'] = G::encryptOld( $sUserUID ); //fake :p
$aData['USR_COUNTRY'] = $form['USR_COUNTRY']; $aData['USR_COUNTRY'] = $form['USR_COUNTRY'];
$aData['USR_CITY'] = $form['USR_CITY']; $aData['USR_CITY'] = $form['USR_CITY'];
$aData['USR_LOCATION'] = $form['USR_LOCATION']; $aData['USR_LOCATION'] = $form['USR_LOCATION'];
@@ -130,7 +130,7 @@ try {
$aData['USR_PASSWORD'] = $form['USR_PASSWORD']; $aData['USR_PASSWORD'] = $form['USR_PASSWORD'];
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (md5( $form['USR_PASSWORD'] ) $aUserProperty = $oUserProperty->loadOrCreateIfNotExists( $form['USR_UID'], array ('USR_PASSWORD_HISTORY' => serialize( array (G::encryptOld( $form['USR_PASSWORD'] )
) ) ) )
) ); ) );

4
workflow/public_html/sysGeneric.php
View File

@@ -151,7 +151,7 @@ if (file_exists($requestFile)) {
header ( 'Pragma: cache' ); header ( 'Pragma: cache' );
$mtime = filemtime ( $requestFile ); $mtime = filemtime ( $requestFile );
$gmt_mtime = gmdate ( "D, d M Y H:i:s", $mtime ) . " GMT"; $gmt_mtime = gmdate ( "D, d M Y H:i:s", $mtime ) . " GMT";
header ( 'ETag: "' . md5 ( $mtime . $requestFile ) . '"' ); header ( 'ETag: "' . Bootstrap::encryptOld ( $mtime . $requestFile ) . '"' );
header ( "Last-Modified: " . $gmt_mtime ); header ( "Last-Modified: " . $gmt_mtime );
header ( 'Cache-Control: public' ); header ( 'Cache-Control: public' );
$userAgent = strtolower ( $_SERVER ['HTTP_USER_AGENT'] ); $userAgent = strtolower ( $_SERVER ['HTTP_USER_AGENT'] );
@@ -165,7 +165,7 @@ if (file_exists($requestFile)) {
} }
} }
if (isset ( $_SERVER ['HTTP_IF_NONE_MATCH'] )) { if (isset ( $_SERVER ['HTTP_IF_NONE_MATCH'] )) {
if (str_replace ( '"', '', stripslashes ( $_SERVER ['HTTP_IF_NONE_MATCH'] ) ) == md5 ( $mtime . $requestFile )) { if (str_replace ( '"', '', stripslashes ( $_SERVER ['HTTP_IF_NONE_MATCH'] ) ) == Bootstrap::encryptOld ( $mtime . $requestFile )) {
header ( "HTTP/1.1 304 Not Modified" ); header ( "HTTP/1.1 304 Not Modified" );
} }
} }