The 'key' for encryption can now be taken from fixed or daily-changed extra salt

diff --git a/inc/classes/main/crypto/class_CryptoHelper.php b/inc/classes/main/crypto/class_CryptoHelper.php
index 2765abddbbb163014a22046bdc09d0c8d9ddf323..aab378491f31119b6166e52ca99a700bb0f3ee82 100644 (file)
--- a/inc/classes/main/crypto/class_CryptoHelper.php
+++ b/inc/classes/main/crypto/class_CryptoHelper.php
@@ -168,7 +168,11 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
                $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
 
                // Get key
-               $key = md5($this->rngInstance->getFixedSalt());
+               if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+                       $key = md5($this->rngInstance->getFixedSalt());
+               } else {
+                       $key = md5($this->rngInstance->getExtraSalt());
+               }
 
                // Encrypt the string
                $encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $str, MCRYPT_MODE_ECB, $iv);
@@ -189,7 +193,11 @@ class CryptoHelper extends BaseFrameworkSystem implements Cryptable {
                $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
 
                // Get key
-               $key = md5($this->rngInstance->getFixedSalt());
+               if ($this->getConfigInstance()->readConfig('crypt_fixed_salt') == "Y") {
+                       $key = md5($this->rngInstance->getFixedSalt());
+               } else {
+                       $key = md5($this->rngInstance->getExtraSalt());
+               }
 
                // Encrypt the string
                $str = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $encrypted, MCRYPT_MODE_ECB, $iv);

diff --git a/inc/classes/main/helper/captcha/web/class_GraphicalCodeCaptcha.php b/inc/classes/main/helper/captcha/web/class_GraphicalCodeCaptcha.php
index b3e3b55148e5f855a1ba36fb99470189ee7694f9..6dcf0aa0223734c3300fe03eae76d32a977baa86 100644 (file)
--- a/inc/classes/main/helper/captcha/web/class_GraphicalCodeCaptcha.php
+++ b/inc/classes/main/helper/captcha/web/class_GraphicalCodeCaptcha.php
@@ -100,7 +100,7 @@ class GraphicalCodeCaptcha extends BaseCaptcha implements SolveableCaptcha {
                $searchChars = $this->getConfigInstance()->readConfig('captcha_search_chars');
 
                // Get fixed salt and use it as "replacement characters"
-               $replaceChars = $this->getRngInstance()->getFixedSalt();
+               $replaceChars = $this->getRngInstance()->getExtraSalt();
 
                // Remove any plus, equals or slashes
                for ($searchIdx = 0; $searchIdx < strlen($searchChars); $searchIdx++) {

diff --git a/inc/config.php b/inc/config.php
index 68f7d7c88fa910813ca8b1b23ded0b711f181bb4..145761fa3bae5edcc7ad6472ade05aad0713005f 100644 (file)
--- a/inc/config.php
+++ b/inc/config.php
@@ -269,5 +269,8 @@ $cfg->setConfigEntry('cookie_domain', $cfg->detectDomain()); // Is mostly the sa
 // CFG: COOKIE-SSL
 $cfg->setConfigEntry('cookie_ssl', (isset($_SERVER['HTTPS'])));
 
+// CFG: CRYPT-FIXED-SALT
+$cfg->setConfigEntry('crypt_fixed_salt', "N");
+
 // [EOF]
 ?>