xoops forums

wishcraft

Module Developer
Posted on: 2015/7/29 15:46

@blowfish :: Encryption Requirement

We need to provide user sessioning blowfish encryption support and protection; this is an often congruent hash or piece of data that is used to salt the encryption; I suggest we provide the salt on the session via a discovery service; through the headers; so if any external site uses it; it gets it from cURL headers when scraping a XOOPS Site!


This example is how it would work:- XOOPS_LICENCE_KEY is the system salt; this is the blowfish salt!

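    // Split the current timestamp into whole seconds and fractional digits
    $parts = explode(".", microtime(true));
    // microtime(true) can print without a fractional part; avoid dividing by zero
    if (empty($parts[1])) {
        $parts[1] = 1;
    }

    // Reseed the Mersenne Twister four times from the clock (integer casts keep PHP 8.1+ quiet)
    mt_srand((int) (mt_rand((int) -microtime(true), (int) microtime(true)) / $parts[1]));
    mt_srand((int) (mt_rand((int) -microtime(true), (int) microtime(true)) / $parts[1]));
    mt_srand((int) (mt_rand((int) -microtime(true), (int) microtime(true)) / $parts[1]));
    mt_srand((int) (mt_rand((int) -microtime(true), (int) microtime(true)) / $parts[1]));

    // Start a session if none is active
    if (!session_id()) {
        session_start();
    }

    // Create the salt once per session: SHA-1 over a clock-derived number with XOOPS_LICENCE_KEY appended
    if (!isset($_SESSION['xoops_session_salt'])) {
        $_SESSION['xoops_session_salt'] = sha1((float)((mt_rand(0, 1) == 1 ? '' : '-') . $parts[1] . '.' . $parts[0]) / sqrt((float)$parts[1] . '.' . intval(cosh($parts[0]))) * tanh($parts[1]) * mt_rand(1, intval($parts[0] / $parts[1])) . XOOPS_LICENCE_KEY);
    }

    // Publish the session salt in a response header
    if (!headers_sent()) {
        header('Xoops-Blowfish-Salt: ' . $_SESSION['xoops_session_salt']);
    }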


This would be built normally into class/xoopssecurity.php
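
Added example, not part of the original post and not XOOPS code: the same once-per-session salt and header, with the salt drawn from the operating system CSPRNG instead of mt_rand() seeded from microtime(), whose output can be reconstructed from the request time. The function name xoops_session_salt() is hypothetical and the licence key value is a constructed placeholder.

```php
<?php
// XOOPS_LICENCE_KEY is the constant named in the post; this value is a
// constructed placeholder so the script runs on its own.
if (!defined('XOOPS_LICENCE_KEY')) {
    define('XOOPS_LICENCE_KEY', 'constructed-placeholder-licence-key');
}

/**
 * Hypothetical helper: return the per-session salt, creating it on first use.
 */
function xoops_session_salt(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['xoops_session_salt'])) {
        // 32 bytes from the OS CSPRNG: not derivable from the clock.
        $nonce = random_bytes(32);
        // Key the nonce with the system salt so the value is bound to this
        // site without exposing XOOPS_LICENCE_KEY itself.
        $_SESSION['xoops_session_salt'] = hash_hmac('sha256', $nonce, XOOPS_LICENCE_KEY);
    }
    return $_SESSION['xoops_session_salt'];
}

// Same header name as in the post.
$salt = xoops_session_salt();
if (!headers_sent()) {
    header('Xoops-Blowfish-Salt: ' . $salt);
}
```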