--- a/includes/rijndael.php Tue Apr 01 01:26:22 2008 -0400
+++ b/includes/rijndael.php Sun Apr 06 14:02:20 2008 -0400
@@ -807,10 +807,11 @@
* @param string $text the encrypted text
* @param string $key the raw binary key used to encrypt the text
* @param int $input_encoding the encoding used for the encrypted string. Can be ENC_BINARY, ENC_HEX, or ENC_BASE64.
+ * @param bool $no_cache If true, will not cache the decrypted string on disk.
* @return string
*/
- function decrypt($text, $key, $input_encoding = ENC_HEX)
+ function decrypt($text, $key, $input_encoding = ENC_HEX, $no_cache = false)
{
if ( $text == '' )
return '';
@@ -871,7 +872,8 @@
$this->decrypt_cache[$key_bin][$text_bin] = $dypt;
- aes_decrypt_cache_store($text_bin, $dypt, $key_bin);
+ if ( !$no_cache )
+ aes_decrypt_cache_store($text_bin, $dypt, $key_bin);
return $dypt;
}
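Review bot: With `$no_cache` set, the plaintext is still written to `$this->decrypt_cache[$key_bin][$text_bin]` on the line just above the new guard, so the flag skips only the `aes_decrypt_cache_store()` call. The docblock line added in the first hunk does say "on disk", but it would be clearer to state the limit explicitly, e.g. `@param bool $no_cache If true, the decrypted string is not written to the on-disk cache; the in-memory decrypt_cache is still populated.` The cache lookup earlier in `decrypt()` is outside this hunk, so it is not visible whether a `$no_cache` call can still be served from an existing disk entry; if it can, that lookup should be skipped as well. Bracing the new single-statement `if` would also keep a later second statement from silently escaping the condition.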
--- a/includes/sessions.php Tue Apr 01 01:26:22 2008 -0400
+++ b/includes/sessions.php Sun Apr 06 14:02:20 2008 -0400
@@ -516,7 +516,7 @@
$super = $this->validate_session($key);
}
}
- if(is_array($super))
+ if(is_array(@$super))
{
$this->auth_level = intval($super['auth_level']);
$this->sid_super = $_REQUEST['auth'];
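Review bot: `is_array(@$super)` silences the undefined-variable notice instead of fixing the path where `$super` is never assigned, and `@` will also hide any other diagnostic raised by that expression. Since this check decides whether `auth_level` is raised from the session, an explicit default is easier to audit: put `$super = false;` before the conditional that calls `validate_session()` (it starts outside this hunk) and keep the test as `if ( is_array($super) )`.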
@@ -3231,7 +3231,8 @@
// decrypt user info
$aes_key = hexdecode($aes_key);
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
- $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX);
+ // using "true" here disables caching of the decrypted login info (which includes the password)
+ $userinfo_json = $aes->decrypt($userinfo_crypt, $aes_key, ENC_HEX, true);
if ( !$userinfo_json )
{
return array(
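Review bot: Passing `true` here stops new login payloads from being stored, but nothing in this change removes decrypted login info that earlier versions already wrote to the on-disk decrypt cache. Those entries include the password, per the new comment, and would presumably stay readable until the cache is cleared. Consider purging the decrypt cache as part of the upgrade and recording that next to the call, e.g. `// entries cached before this change are not purged here; clear the decrypt cache on upgrade`. The bare positional `true` is only readable because of the comment above it; a named constant for the flag would make any other call site that decrypts secrets self-explanatory.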