From c9f1aa4e453197fd32e49ce537635b11c670adb7 Mon Sep 17 00:00:00 2001
From: Quinn Chrzan <quinnchrzan@gmail.com>
Date: Thu, 5 Jun 2014 16:20:05 -0400
Subject: Minor style fixes to improve readability in HMAC authentication

---
 system/libraries/Session.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'system')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index 89c699765..b6c53c71d 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -145,7 +145,9 @@ class CI_Session {
 		}
 
 		// HMAC authentication
-		if (($len = strlen($session) - 40) <= 0)
+		$len = strlen($session) - 40;
+
+		if ($len <= 0)
 		{
 			log_message('error', 'Session: The session cookie was not signed.');
 			return FALSE;
@@ -158,9 +160,11 @@ class CI_Session {
 		// Time-attack-safe comparison
 		$hmac_check = hash_hmac('sha1', $session, $this->encryption_key);
 		$diff = 0;
+
 		for ($i = 0; $i < 40; $i++)
 		{
-			$diff |= ord($hmac[$i]) ^ ord($hmac_check[$i]);
+			$xor = ord($hmac[$i]) ^ ord($hmac_check[$i]);
+			$diff |= $xor;
 		}
 
 		if ($diff !== 0)
@@ -789,4 +793,4 @@ class CI_Session {
 // END Session Class
 
 /* End of file Session.php */
-/* Location: ./system/libraries/Session.php */
\ No newline at end of file
+/* Location: ./system/libraries/Session.php */
-- 
cgit v1.2.3-24-g4f1b