Crash if Stay signed in (for up to 90 days) is ticked #1183

dimuller opened this issue Apr 12, 2025 · 0 comments
The system crashes if I try to log in with the field "Stay signed in (for up to 90 days)".

This code is already very old and I'm curious if it ever worked?

The reason is an integer value as a cookie parameter.
You can find the following code in `app\system\core\classes\RememberMeCore.php` and, as you can see, the profileId, which is an integer, is passed as the cookie value.

```php
public function enableSession(stdClass $oUserData): void
{
    $aCookieData = [
        // Hash one more time the password for the cookie
        'member_remember' => Security::hashCookie($oUserData->password),
        'member_id' => $oUserData->profileId
    ];
    (new Cookie)->set($aCookieData, null, self::$iCookieDuration);
}
```

This results in a crash in the Cookie class function `set`, which is defined in `framework\Cookie\Cookie.class.php`.

```php
public function set($mName, ?string $sValue = null, ?int $iTime = null, ?bool $bSecure = null): void
{
    $iTime = time() + ((int)!empty($iTime) ? $iTime : Config::getInstance()->values['cookie']['expiration']);
    $bSecure = !empty($bSecure) && is_bool($bSecure) ? $bSecure : Server::isHttps();

    if (is_array($mName)) {
        foreach ($mName as $sName => $sVal) {
            $this->set($sName, $sVal, $iTime, $bSecure);
        }
    } else {
        $sCookieName = Config::getInstance()->values['cookie']['prefix'] . $mName;

        /* Check if we are not in localhost mode, otherwise may not work */
        if (!Server::isLocalHost()) {
            setcookie(
                $sCookieName,
                $sValue,
                $iTime,
                Config::getInstance()->values['cookie']['path'],
                Config::getInstance()->values['cookie']['domain'],
                $bSecure,
                true
            );
        } else {
            setcookie(
                $sCookieName,
                $sValue,
                $iTime,
                PH7_SH
            );
        }
    }
}
```

I fixed the problem with the following conversion:

```php
public function enableSession(stdClass $oUserData): void
{
    $aCookieData = [
        // Hash one more time the password for the cookie
        'member_remember' => Security::hashCookie($oUserData->password),
        'member_id' => (string) $oUserData->profileId
    ];
    (new Cookie)->set($aCookieData, null, self::$iCookieDuration);
}
```

Maybe you prefer to fix the problem in the Cookie set function.
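
An added example (not part of the issue or the project's code) of the alternative mentioned in the last line of the post: normalising values at the point where the array form is unpacked, so every caller is covered. It assumes the call path runs under `declare(strict_types=1)`, which the page does not show; `setOne` and `normalizeCookieValues` are hypothetical names and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the scalar branch of Cookie::set(); it only
// mirrors the `?string $sValue` parameter type shown in the issue.
function setOne(string $sName, ?string $sValue): string
{
    return $sName . '=' . ($sValue ?? '');
}

// Hypothetical helper: bring every value of the array form to ?string
// before it reaches the typed parameter, and reject unsupported types.
function normalizeCookieValues(array $aCookies): array
{
    $aOut = [];
    foreach ($aCookies as $sName => $mVal) {
        if ($mVal === null || is_string($mVal)) {
            $aOut[$sName] = $mVal;
        } elseif (is_int($mVal) || is_float($mVal)) {
            $aOut[$sName] = (string) $mVal;
        } else {
            // Booleans, arrays and objects are refused rather than cast silently.
            throw new InvalidArgumentException("Cookie '$sName' has an unsupported value type");
        }
    }
    return $aOut;
}

// Constructed sample data; 42 plays the role of an integer profileId.
$aCookieData = ['member_remember' => 'constructed-hash', 'member_id' => 42];

try {
    foreach ($aCookieData as $sName => $mVal) {
        setOne((string) $sName, $mVal); // int passed to ?string under strict_types
    }
} catch (TypeError $e) {
    echo 'Without normalisation: ', get_class($e), PHP_EOL;
}

foreach (normalizeCookieValues($aCookieData) as $sName => $sVal) {
    echo setOne((string) $sName, $sVal), PHP_EOL;
}
```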
