/**
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: globalfunctions.php,v 1.12 2007-04-06 22:08:56 kmorimatsu Exp $
- * $NucleusJP: globalfunctions.php,v 1.11 2007/04/06 21:25:58 kmorimatsu Exp $
+ * @version $Id: globalfunctions.php,v 1.13 2007-04-09 23:20:52 kmorimatsu Exp $
+ * $NucleusJP: globalfunctions.php,v 1.12 2007/04/06 22:08:56 kmorimatsu Exp $
*/
// needed if we include globalfunctions from install.php
$login = postVar('login');
$pw = postVar('password');
$shared = intPostVar('shared'); // shared computer or not
+
+ $pw=substr($pw,0,40); // avoid md5 collision by using a long key
if ($member->login($login, $pw) ) {
// Cookie Authentication
$ck=cookieVar($CONF['CookiePrefix'] . 'loginkey');
// secure cookie key
+ $ck=substr($ck,0,32); // avoid md5 collision by using a long key
if ($CONF['secureCookieKey']!=='none') $ck=md5($ck.$CONF['secureCookieKeyIP']);
$res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), $ck );
unset($ck);
/**
* @license http://nucleuscms.org/license.txt GNU General Public License
* @copyright Copyright (C) 2002-2007 The Nucleus Group
- * @version $Id: globalfunctions.php,v 1.22 2007-04-06 22:08:39 kmorimatsu Exp $
- * $NucleusJP: globalfunctions.php,v 1.21 2007/04/06 21:25:30 kmorimatsu Exp $
+ * @version $Id: globalfunctions.php,v 1.23 2007-04-09 23:21:34 kmorimatsu Exp $
+ * $NucleusJP: globalfunctions.php,v 1.22 2007/04/06 22:08:39 kmorimatsu Exp $
*/
// needed if we include globalfunctions from install.php
$login = postVar('login');
$pw = postVar('password');
$shared = intPostVar('shared'); // shared computer or not
+
+ $pw=substr($pw,0,40); // avoid md5 collision by using a long key
if ($member->login($login, $pw) ) {
// Cookie Authentication
$ck=cookieVar($CONF['CookiePrefix'] . 'loginkey');
// secure cookie key
+ $ck=substr($ck,0,32); // avoid md5 collision by using a long key
if ($CONF['secureCookieKey']!=='none') $ck=md5($ck.$CONF['secureCookieKeyIP']);
$res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] . 'user'), $ck );
unset($ck);