Odyssey
ck_hticket.i
1 <?php
2 
3  // Default values for the Cookie information
4  // Set some default values
5  //$TicketExpires=1800; //Lifespan of cookie
6  //$TicketDomain = ".homecu.net";
7  //$TicketDomain = $_SERVER['SERVER_NAME'];
// NOTE(review): $staleafter is not read anywhere in the visible part of this
// file; presumably the including script consumes it -- confirm before removing.
$staleafter=0;
9 
10  // include ('rebkck.php');
11 
function ReturnAddress () {
    // Invoked when the ticket cookie is missing, expired, or damaged. Records the
    // URL of the current script in the Tx_hURI cookie (lifetime: 86400 seconds)
    // so that cu_login knows where to send the user after a successful login.
    //
    // NOTE(review): HTTP_HOST, PHP_SELF and QUERY_STRING are all taken from the
    // request, so the stored return URL is client-influenced. Whatever consumes
    // Tx_hURI should check the host against the site's known hosts before it
    // redirects -- confirm in the login handler.
    // NOTE(review): cookie domain/secure attributes are presumably applied by
    // HCU_setcookie_env from $SYSENV; that helper is not visible here.
    global $SYSENV, $https_or_http;

    $returnUrl = $https_or_http . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']
        . "?" . urlencode($_SERVER['QUERY_STRING']);
    $expiresAt = time() + 86400;

    HCU_setcookie_env($SYSENV, "Tx_hURI", $returnUrl, $expiresAt);
}
24  // Validate Ticket
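// Ticket validation. $result stays 1 only when every check below passes.
// Until the hash check succeeds, the HCUTicket cookie is untrusted client input.
$result = 1;
if (empty($_COOKIE['HCUTicket'])) {
    $result = 0; // No ticket cookie at all

} else {
    $ticket = $_COOKIE['HCUTicket'];

    /* -- VARIABLES in cookie
       Hu    - HomeCu User
       Ce    - Cookie Expires Time
       Ctime - Time cookie was made
       Ch    - Cookie Hashed value
       Clu   - Lastupdate time
    */

    // SECURITY: parse into a private array instead of calling parse_str() with
    // one argument. The one-argument form turns every key in the cookie into a
    // variable in this scope, so a crafted cookie could overwrite unrelated
    // variables such as $menu_link or $SYSENV (and that form no longer exists
    // in PHP 8). Only the five documented fields are copied out, and only when
    // they are plain strings (a "Hu[]=x" style key would otherwise yield an array).
    // If an including script relies on further ticket fields, add them to this
    // allow-list explicitly.
    $Hu = $Ctime = $Ch = $Clu = $Ce = null;
    $ticketFields = array();
    parse_str($ticket, $ticketFields);
    foreach (array('Hu', 'Ce', 'Ctime', 'Ch', 'Clu') as $ticketKey) {
        if (isset($ticketFields[$ticketKey]) && is_string($ticketFields[$ticketKey])) {
            $$ticketKey = $ticketFields[$ticketKey];
        }
    }

    // SECURITY NOTE(review): the signing key is hard-coded in source, so anyone
    // with read access to this file can mint valid tickets. It should be loaded
    // from configuration kept outside the code tree and rotated. The value is
    // left unchanged here because it has to match the code that issues tickets.
    $secret = 'xoiilh6RFoogeMb4';

    // Everytime we have a successful check on the cookie we should try and reset the cookie
    // with the new current time. This way the user is timed out based on idle status rather than
    // Session time length.

    if (is_null($Hu) || is_null($Ctime) || is_null($Ch) || is_null($Clu) || is_null($Ce)) {
        $result = 0; // Partial ticket, try again
    } else {
        // NOTE(review): nested MD5 with a prepended key is a legacy keyed-hash
        // construction. Moving to hash_hmac('sha256', ...) needs a coordinated
        // change in the ticket issuer, so the algorithm is kept as-is.
        $expectedHash = md5($secret . md5(join(':', array($secret, $Ctime, $Ce, $Hu, $Clu))));

        // The original used "!=", which is a loose comparison: two different
        // numeric-looking hex strings (e.g. "0e..." forms) can compare equal,
        // and the comparison is not constant-time. hash_equals() fixes both;
        // the strict fallback covers PHP versions older than 5.6.
        $hashMatches = function_exists('hash_equals')
            ? hash_equals($expectedHash, $Ch)
            : ($expectedHash === $Ch);
        if (! $hashMatches) {
            $result = 0; // hash doesn't match: ticket was altered or forged
        }

        // Fail closed on a non-numeric expiry rather than relying on
        // string/int comparison rules, which differ between PHP versions.
        if (! is_numeric($Ce) || $Ce < time()) {
            $result = 0; // Ticket has expired
        }
    }

    // Binding the ticket to the client address is disabled in this file:
    /*
    if ($Cip != $_SERVER['REMOTE_ADDR']) {
        $result = 0; // Different IP -- not good.
    }
    */
}
// apache_note sets variables for web server logging. Used later to split
// web logfiles by credit union

// for debugging on concept-vm; put back later 2016.07.05
// apache_note(user_name,"M${Cid}:${Cn}");

if (! $result) {
    // If any of the cookie tests failed: set the return address, redirect to
    // login, and exit so the rest of the including script is not executed.
    // $menu_link is defined outside this file; it must come from server-side
    // configuration, never from request data.

    ReturnAddress();

    header("Location: $menu_link/hcu_login.prg?" . $_SERVER['QUERY_STRING']);
    exit;
// } else {
    // Everything was okay we have a result other than 0, so I want to setup a variable to be the teps array
}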
89 ?>