diff options
| author | Quinn Chrzan <quinnchrzan@gmail.com> | 2014-06-05 22:20:05 +0200 |
|---|---|---|
| committer | Quinn Chrzan <quinnchrzan@gmail.com> | 2014-06-05 22:20:05 +0200 |
| commit | c9f1aa4e453197fd32e49ce537635b11c670adb7 (patch) | |
| tree | 8677c2102050c1a6372bb16c469cd52da7e3b07e | |
| parent | 916b176594bcf175417423f33711ac0cbb4082e7 (diff) | |
Minor style fixes to improve readability in HMAC authentication
| -rw-r--r-- | system/libraries/Session.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php index 89c699765..b6c53c71d 100644 --- a/system/libraries/Session.php +++ b/system/libraries/Session.php @@ -145,7 +145,9 @@ class CI_Session { } // HMAC authentication - if (($len = strlen($session) - 40) <= 0) + $len = strlen($session) - 40; + + if ($len <= 0) { log_message('error', 'Session: The session cookie was not signed.'); return FALSE; @@ -158,9 +160,11 @@ class CI_Session { // Time-attack-safe comparison $hmac_check = hash_hmac('sha1', $session, $this->encryption_key); $diff = 0; + for ($i = 0; $i < 40; $i++) { - $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]); + $xor = ord($hmac[$i]) ^ ord($hmac_check[$i]); + $diff |= $xor; } if ($diff !== 0) @@ -789,4 +793,4 @@ class CI_Session { // END Session Class /* End of file Session.php */ -/* Location: ./system/libraries/Session.php */
\ No newline at end of file +/* Location: ./system/libraries/Session.php */ |