Merged in bugfix/PMCORE-4049 (pull request #8637)

PMCORE-4049

workflow/engine/methods/login/authentication.php

@@ -1,6 +1,7 @@
 <?php
 
 use Illuminate\Support\Facades\Cache;
+use Illuminate\Support\Facades\Crypt;
 use ProcessMaker\BusinessModel\User;
 use ProcessMaker\Core\System;
 use ProcessMaker\Plugins\PluginRegistry;
@@ -150,7 +151,7 @@ try {
 
             if (strpos($_SERVER['HTTP_REFERER'], 'home/login') !== false) {
                 $d = serialize(['u' => $usr, 'p' => $pwd, 'm' => G::LoadTranslation($errLabel)]);
-                $urlLogin = $urlLogin . '?d=' . base64_encode($d);
+                $urlLogin = $urlLogin . '?d=' . Crypt::encryptString($d);
             } else {
                 if (empty($ldapMessageError)) {
                     G::SendTemporalMessage($errLabel, "warning");

workflow/engine/methods/login/sysLogin.php

@@ -1,5 +1,7 @@
 <?php
 
+use Illuminate\Support\Facades\Crypt;
+
 /*----------------------------------********---------------------------------*/
 //Browser Compatibility
 $browserSupported = G::checkBrowserCompatibility();
@@ -10,7 +12,7 @@ if ($browserSupported==false) {
 }
 /*----------------------------------********---------------------------------*/
 if (isset ($_POST['form']['USER_ENV'])) {
-    $data = base64_encode(serialize($_POST));
+    $data = Crypt::encryptString(serialize($_POST));
     $url = sprintf('/sys%s/%s/%s/login/sysLoginVerify?d=%s', $_POST['form']['USER_ENV'], SYS_LANG, SYS_SKIN, $data);
     G::header("location: $url");
     die();

workflow/engine/methods/login/sysLoginVerify.php

@@ -1,7 +1,9 @@
 <?php
 
+use Illuminate\Support\Facades\Crypt;
+
 if (array_key_exists("d", $_GET)) {
-    $str = base64_decode($_GET["d"]);
+    $str = Crypt::decryptString($_GET["d"]);
     if (preg_match('/^a:[0-9]+:{/', $str) && !preg_match('/(^|;|{|})O:\+?[0-9]+:"/', $str)) {
         $_POST = unserialize($str);
     }