We need to provide user sessioning Blowfish encryption support and protection; this is an often congruent hash or piece of data that is used to salt the encryption. I suggest we provide the salt on the session via a discovery service, through the headers, so if any external site uses it, it gets it from cURL headers when scraping a XOOPS site!
This example is how it would work: XOOPS_LICENCE_KEY is the system salt; this is the Blowfish salt!
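// Split the current timestamp into whole seconds [0] and the fractional digits [1]
$parts = explode(".", microtime(true));
// Guard: the fractional part is missing when the timestamp lands on a whole second
if (empty($parts[1]))
    $parts[1] = 1;
// Reseed the Mersenne Twister four times from the clock
mt_srand((int)(mt_rand((int)-microtime(true), (int)microtime(true))/$parts[1]));
mt_srand((int)(mt_rand((int)-microtime(true), (int)microtime(true))/$parts[1]));
mt_srand((int)(mt_rand((int)-microtime(true), (int)microtime(true))/$parts[1]));
mt_srand((int)(mt_rand((int)-microtime(true), (int)microtime(true))/$parts[1]));
if (!session_id())
    session_start();
// Create the per-session salt once: SHA-1 over a time-derived number with XOOPS_LICENCE_KEY appended
if (!isset($_SESSION['xoops_session_salt']))
    $_SESSION['xoops_session_salt'] = sha1((float)((mt_rand(0,1)==1?'':'-').$parts[1].'.'.$parts[0]) / sqrt((float)$parts[1].'.'.intval(cosh($parts[0])))*tanh($parts[1]) * mt_rand(1, intval($parts[0] / $parts[1])).XOOPS_LICENCE_KEY);
// Publish the salt in a response header so that external sites can discover it
if (!headers_sent())
    header('Xoops-Blowfish-Salt: '. $_SESSION['xoops_session_salt']);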
This would normally be built into class/xoopssecurity.php.
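A variant of the proposal above, as an added example that is not part of the original post or of XOOPS: the salt comes from random_bytes() instead of a clock-seeded mt_rand(), and XOOPS_LICENCE_KEY is used only as an HMAC key, so the published value does not depend on SHA-1 over guessable input. The function name, the sample key value and the $sendHeader switch are assumptions; the header is opt-in because every client that receives the response can read it.

```php
<?php
// Added example: hypothetical helper, not code from XOOPS.
if (!defined('XOOPS_LICENCE_KEY')) {
    // Constructed sample value so the example runs stand-alone.
    define('XOOPS_LICENCE_KEY', 'constructed-sample-licence-key');
}

/**
 * Return the per-session salt, creating it on first use.
 * $sendHeader (assumption) controls whether the salt is also published
 * in the Xoops-Blowfish-Salt response header named in the post.
 */
function example_session_salt(bool $sendHeader = false): string
{
    if (session_status() !== PHP_SESSION_ACTIVE && !headers_sent()) {
        session_start();
    }

    if (!isset($_SESSION['xoops_session_salt'])) {
        // 32 bytes from the operating system CSPRNG: unlike mt_rand(),
        // the output cannot be reproduced by guessing the request time.
        $random = random_bytes(32);

        // Bind the value to this installation by keying HMAC-SHA256 with
        // the system salt. The 64-hex-character result does not reveal
        // XOOPS_LICENCE_KEY to whoever reads the salt.
        $_SESSION['xoops_session_salt'] =
            hash_hmac('sha256', $random, XOOPS_LICENCE_KEY);
    }

    if ($sendHeader && !headers_sent()) {
        // Anything sent here is visible to the client and to every
        // intermediary that can see the response headers.
        header('Xoops-Blowfish-Salt: ' . $_SESSION['xoops_session_salt']);
    }

    return $_SESSION['xoops_session_salt'];
}

// The salt is stable within one session and 64 hex characters long.
$first  = example_session_salt();
$second = example_session_salt();
var_dump(strlen($first) === 64, hash_equals($first, $second));
```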