summaryrefslogtreecommitdiffstats
path: root/system/libraries
diff options
context:
space:
mode:
authorQuinn Chrzan <quinnchrzan@gmail.com>2014-06-05 22:20:05 +0200
committerQuinn Chrzan <quinnchrzan@gmail.com>2014-06-05 22:20:05 +0200
commitc9f1aa4e453197fd32e49ce537635b11c670adb7 (patch)
tree8677c2102050c1a6372bb16c469cd52da7e3b07e /system/libraries
parent916b176594bcf175417423f33711ac0cbb4082e7 (diff)
Minor style fixes to improve readability in HMAC authentication
Diffstat (limited to 'system/libraries')
-rw-r--r--system/libraries/Session.php10
1 files changed, 7 insertions, 3 deletions
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 89c699765..b6c53c71d 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -145,7 +145,9 @@ class CI_Session {
}
// HMAC authentication
- if (($len = strlen($session) - 40) <= 0)
+ $len = strlen($session) - 40;
+
+ if ($len <= 0)
{
log_message('error', 'Session: The session cookie was not signed.');
return FALSE;
@@ -158,9 +160,11 @@ class CI_Session {
// Time-attack-safe comparison
$hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
$diff = 0;
+
for ($i = 0; $i < 40; $i++)
{
- $diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
+ $xor = ord($hmac[$i]) ^ ord($hmac_check[$i]);
+ $diff |= $xor;
}
if ($diff !== 0)
@@ -789,4 +793,4 @@ class CI_Session {
// END Session Class
/* End of file Session.php */
-/* Location: ./system/libraries/Session.php */ \ No newline at end of file
+/* Location: ./system/libraries/Session.php */