From 9bf48d27b182d5934d88b53d28b035703b68b79f Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Wed, 28 Sep 2016 09:08:49 -0400
Subject: [PATCH] implement caching the authhash in the session
---
 web/includes/functions.php | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/web/includes/functions.php b/web/includes/functions.php
index ae2f5ad1c..18be85666 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -145,19 +145,25 @@ function getAuthUser( $auth ) {
 function generateAuthHash( $useRemoteAddr ) {
 if ( ZM_OPT_USE_AUTH && ZM_AUTH_RELAY == "hashed" ) {
- $time = localtime();
- if ( $useRemoteAddr ) {
- $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
+ if ( $_SESSION['AuthHashGeneratedAt'] < time() - 3600 or ! isset($_SESSION['AuthHash']) ) {
+ # Don't both regenerating Auth Hash if an hour hasn't gone by yet
+ $time = localtime();
+ if ( $useRemoteAddr ) {
+ $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$_SESSION['remoteAddr'].$time[2].$time[3].$time[4].$time[5];
+ } else {
+ $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
+ }
+ $auth = md5( $authKey );
+ if ( session_status() == PHP_SESSION_NONE ) {
+ session_start();
+ $_SESSION['AuthHashGeneratedAt'] = time();
+ $_SESSION['AuthHash'] = $auth;
+ session_write_close();
+ } else {
+ $_SESSION['AuthHashGeneratedAt'] = time();
+ }
 } else {
- $authKey = ZM_AUTH_HASH_SECRET.$_SESSION['username'].$_SESSION['passwordHash'].$time[2].$time[3].$time[4].$time[5];
- }
- $auth = md5( $authKey );
- if ( session_status() == PHP_SESSION_NONE ) {
- session_start();
- $_SESSION['AuthHashGeneratedAt'] = time();
- session_write_close();
- } else {
- $_SESSION['AuthHashGeneratedAt'] = time();
+ return $_SESSION['AuthHash'];
 }
 } else {
 $auth = "";
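Review bot: In the branch taken when a session is already active (the `} else {` after `session_write_close();`), only `AuthHashGeneratedAt` is refreshed and `$_SESSION['AuthHash']` is never written, so a later call within the hour returns whatever hash was stored earlier, or regenerates on every call if none was. Add `$_SESSION['AuthHash'] = $auth;` in that branch as well. The cached value also does not record `$useRemoteAddr`, so a hash built with the remote address can be handed back to a caller that asked for one without it (and the reverse); storing the flag beside the hash and comparing it in the condition would prevent that. The condition reads `$_SESSION['AuthHashGeneratedAt']` before the `isset()` test, so putting `! isset($_SESSION['AuthHash'])` first avoids an undefined-index notice on a fresh session. generateAuthHash() continues past the end of the hunk, and how the validating side treats a hash that may be up to an hour old is not visible here.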