Revisions for framework/Secret/Secret.php

MFH 1.58

Util:: is required here.

MFH 1.57

Tags: HORDE_3_3, HORDE_3_3_RC1

fix variable name

MFH 1.56

Combine a bunch of duplicate code into private helper functions.
Use error_reporting() instead of '@' as it is much faster.

Happy New Year

Tags: HORDE_3_2_2, HORDE_3_2_1, HORDE_3_2, HORDE_3_2_RC4, HORDE_3_2_RC3, HORDE_3_2_RC2

Happy New Year

Merge from HEAD.

Return false instead of generating encryption errors if $key is empty (Bug #5925).

Tags: BEFORE_MERGE_3_2

Happy New Year

Tags: HORDE_3_1_9, HORDE_3_1_8, HORDE_3_1_7, HORDE_3_1_6, HORDE_3_1_5, HORDE_3_1_4, HORDE_3_1_4_RC1

Happy New Year

Tags: HORDE_3_2_RC1, HORDE_3_2_ALPHA

Assign copyright to The Horde Project for those copyright holders that already agreed to it.

Bug: 3386
MFH: Horde.php - 1.576; Secret.php - 1.51

Tags: HORDE_3_1_3, HORDE_3_1_2, HORDE_3_1_1, HORDE_3_1

Bug: 3386
Reset cookies on login to prevent cookie timeouts.

Happy new year

Tags: HORDE_3_1_RC3, HORDE_3_1_RC2, HORDE_3_1_RC1

Happy new year\!

Merged from HEAD.

MFH: Remove "@access public" and fix formatting/wrapping.

Tags: HORDE_3_0_12, HORDE_3_0_11, HORDE_3_0_10, HORDE_3_0_9, HORDE_3_0_8, HORDE_3_0_7, HORDE_3_0_6, HORDE_3_0_6_RC1, HORDE_3_0_5, HORDE_3_0_5_RC2, HORDE_3_0_5_RC1

Remove "@access public" and fix formatting/wrapping.

Tags: BEFORE_MERGE_3_1

MFH: "optional" not needed in phpdoc.

"optional" not needed in phpdoc.

MFH: session_set_cookie_params() expects a relative timeout; setcookie wants
absolute. Go back to a configinteger for $conf['session']['timeout'] and
add time() to that value in setcookie() calls (Bugs #1302, #1658).

[cjh] session_set_cookie_params() expects a relative timeout; setcookie wants
absolute. Go back to a configinteger for $conf['session']['timeout'] and
add time() to that value in setcookie() calls (Bugs #1302, #1658).

Happy New Year

Happy New Year

Tags: HORDE_3_0_4, HORDE_3_0_4_RC2, HORDE_3_0_4_RC1, HORDE_3_0_3, HORDE_3_0_3_RC1, HORDE_3_0_2, HORDE_3_0_1

This apparently fixes severe problems for some people.

Tags: FRAMEWORK_3, HORDE_3_0, HORDE_3_0_RC3

Small tweaks, be consistent with cookie-setting. Also go back to using the session_id()
for the key if we can't set a cookie.

oops. parse.

Avoid array_key_exists.

honour the cookie timeout value in conf

No more HORDE_LIBS.

Mark cookies as secure if $conf['use_ssl'] is 1.

Bug: 1311

Tags: HORDE_3_0_ALPHA

Happy new year everyone.

Get Horde_Cipher from the framework.

Fix package name

Use the new Util:: class.

Comment

MFH: Optimizations of Scret:: and Horde_Cipher:: drivers.

Tags: HORDE_2_2_4_RC2, HORDE_2_2_4_RC1, HORDE_2_2_4, HORDE_2_2_3, HORDE_2_2_2

If we use transparent authentication, the user already gets logged in at
the very first page request. At this moment we haven't any cookie set yet,
hence Secret::getKey() falls back to the non-cookie key.
If login.php is loaded into the frameset on the second request, a cookie
exists and a new key is generated making the old one (and everything
encrypted with it, like the credentials from the transparent authentication)
invalid.
The only solution I came up with is to set the cookie key with the fallback
key to have a consistent key through the whole session, even if cookies get
"turned on" during the session.

Added Horde::extensionExists() to cache extension_loaded() calls.

Cache the Horde_Cipher in write() also

Cache the Horde_Cipher object in Secret::read() so key is not generated everytime the cipher object is created.
Reduces horde_cipher_blowfish::encryptblock() call from 3672 to 25 :-)

MFH 1.29: Strip padding characters.

Strip padding characters.

From the PHP manual (mdecrypt_generic):
Note that the length of the returned string can in fact be longer then the
unencrypted string, due to the padding of the data.

fix blockmode name

No need to call srand() since PHP 4.2.0.

Fix for older PHP versions.

Tags: HORDE_2_2_1, HORDE_2_2_1_RC1, HORDE_2_2, HORDE_2_2_RC2

Bump year.

Tags: HORDE_2_2_RC1

Bump year.

MFH:
[jan] Change Secret:: from using PEAR Crypt_HCEMD5 to the Horde_Cipher class
(mac).
[jan] Add Horde_Cipher:: class to provide a common abstracted interface to
various Ciphers for encryption of arbitrary length pieces of data (mac).

Another deprecated function call.

Mcrypt is NOT broken, as far as I can tell.  And it is MUCH, MUCH more
efficient than the PHP alternative.

mcrypt_generic_end() is deprecated.

It appeared as if we were not using mcrypt at all - fixed that.  Now, at
least on my machine, with mcrypt built into PHP, logins are 3 times faster.
That's right, you heard correctly, 3 TIMES FASTER. WOW! (On high-end
machines this may not make much of a difference, but on my AMD K6-350 it
is very, very noticable).
phpdoc, private function naming, array_key_exists() usage.

[mac] Change Secret:: from using PEAR Crypt_HCEMD5 to the Horde_Cipher class.

Do a bit more error checking, and maybe, maybe fix up some of the
unserialize problems.

MFH: Added LGPL license information to the top of all Horde library files.

Added LGPL license information (per CODING_STANDARDS) to the top of all
Horde library files.  My fingers hurt.

* Rename config/horde.php to config/conf.php.
* Move cookie_domain, cookie_path, server_name, and server_port into
  horde/conf.php.
* Add a parameter for setting the session cache_limiter.

MFH:
* Add Horde::createTempDir().
* Add Horde::usingSSLConnection().
* Replace <?= with <?php echo to remove the short_open_tags requirement.
* Add Text::toHTML(), Text::highlightQuotes() and Text::dimSignature().
* Add Registry::listApps().
* Add Prefs::getPref() for getting preferences for someone other than the
  logged-in user.
* Add the ability to load identities for someone other than the logged-in
  user.
* Add Horde::removeParameter().
* Add Browser::downloadHeaders().
* Add detection for UTF capability to Browser class.

Use superglobal arrays.

Submitted by: Nuno Loureiro <nuno@co.eth.pt>

phpdoc updates/commenting fixes

The last bunch of superglobals patches.

Submitted by: Nuno Loureiro <nuno@eth.pt>

Kill trailing whitespace (to reduce diffs with HEAD).

Tags: HORDE_2_1, HORDE_2_1_RC3, HORDE_2_1_RC2

Kill trailing whitespace.

nit

Tags: HORDE_2_1_RC1

MFH: add $Horde: $, fix secret cookie test.

add $Horde: $

check for the session cookie, not just any old cookie - you might be getting an old cookie.

MFH 1.13: don't set the secret cookie if it's already there, and use
$registry->getParam().

Tags: HORDE_2_0_RC4, HORDE_2_0_RC3, HORDE_2_0

don't set the key cookie if it's already there, and also use $registry->getParam()

add better error checking, in the case that we're able to re-enable mcrypt
support.

Tags: RELENG_2, HORDE_2_0_RC2, HORDE_2_0_0_RC1

mcrypt is broken, so break the function check not to use it.

Cleanup: change all the $conf['paths'] variables to query this information
from the registry using the new API functions:

getTemplatePath(), getWebRoot(), getFileRoot(), getGraphicsPath()

Update your config files!

fix setcookie arguments

Add cookie_path and cookie_domain settings for people who keep apps outside
of the Horde webroot or on multiple servers.

Remove (presumably) debugging code.

use the Horde base url as the path for secret cookies.

Switch from MCRYPT_BLOWFISH to MCRYPT_GOST, which should solve the segfault
problem that people have been experiencing when logging in.

libmcrypt-2.4.9 broke back-compat due to an endian-ness problem in blowfish,
and PHP-4.0.4pl1 doesn't work with it anymore.  The problem is fixed in
PHP-4.0.5-dev, so this is a temporary measure to avoid everyone having to
upgrade to latest CVS (which is somewhat unstable for at the moment!)

This can be reverted to BLOWFISH when everything is stable again.  Btw,
GOST is the "Gosudarstvennyi Standard" from the former USSR.  Cool, huh?

Tags: HORDE_1_3_4

try using the mt_ random number functions.

oops, turba won't work without these.

- Add getKey() and setKey() to the Secret:: class. These are generic functions;
there's no need for them to be in every Horde app.

whitespace...

Woof:

- break core Horde classes (Lang, Secret, ObjectStore (renamed from
  SessionCache), etc. out into their own files.
- include them where necessary, usually in an app's lib/base.php file.
- core package names are all now lowercase.
- a bit more documentation work, but that's mostly to come.
- classes all now follow a convention of capitalizing words and acronyms
- documentation is updated accordingly
- logic is built in to the factory() methods to account for case in driver
  names.