@@ -53,11 +53,16 @@ function Auth() {
5353 $ data = '' ;
5454 $ chksum = '' ;
5555 if (isset ($ _COOKIE ['ari_auth ' ])) {
56- $ buf = unserialize (stripslashes ($ _COOKIE ['ari_auth ' ]));
57- list ($ data ,$ chksum ) = $ buf ;
56+ $ buf = json_decode ($ _COOKIE ['ari_auth ' ],true );
57+ if (!is_array ($ buf )) {
58+ $ data = false ;
59+ $ chksum = false ;
60+ } else {
61+ list ($ data ,$ chksum ) = $ buf ;
62+ }
5863 }
5964 if (md5 ($ data ) == $ chksum ) {
60- $ data = unserialize ($ crypt ->decrypt ($ data ,$ ARI_CRYPT_PASSWORD ));
65+ $ data = json_decode ($ crypt ->decrypt ($ data ,$ ARI_CRYPT_PASSWORD ), true );
6166 $ username = $ data ['username ' ];
6267 $ password = $ data ['password ' ];
6368 }
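Review bot: The checksum test at `if (md5($data) == $chksum)` uses a loose comparison, and after this change `$data` and `$chksum` come from `json_decode`, which can return booleans, numbers, nested arrays or null rather than strings; the new `is_array($buf)` guard checks neither element count nor element types. A non-string `$chksum` can satisfy `==` through PHP type juggling, and a non-string `$data` reaches `md5()` and `decrypt()`. I would tighten the guard to `if (!is_array($buf) || !isset($buf[0], $buf[1]) || !is_string($buf[0]) || !is_string($buf[1])) {` and compare with `md5($data) === $chksum` (or `hash_equals` where the PHP version provides it). The second `json_decode` result should also be checked with `is_array` before `$data['username']` is read, since a failed decrypt yields null. Auth() starts and ends outside this hunk.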
@@ -290,11 +295,11 @@ function Auth() {
290295 if ($ auth && $ remember ) {
291296
292297 $ data = array ('username ' => $ username , 'password ' => $ password );
293- $ data = $ crypt ->encrypt (serialize ($ data ),$ ARI_CRYPT_PASSWORD );
298+ $ data = $ crypt ->encrypt (json_encode ($ data ),$ ARI_CRYPT_PASSWORD );
294299
295300 $ chksum = md5 ($ data );
296301
297- $ buf = serialize (array ($ data ,$ chksum ));
302+ $ buf = json_encode (array ($ data ,$ chksum ));
298303 setcookie ('ari_auth ' ,$ buf ,time ()+365 *24 *60 *60 ,'/ ' );
299304 }
300305
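Review bot: The `$chksum = md5($data)` kept beside the new `json_encode` calls is an unkeyed digest, so it catches accidental corruption of the cookie but gives no protection against deliberate modification, because the value can be recomputed without any secret. As the cookie format changes in this commit anyway, this is a good point to move to a keyed MAC such as `$chksum = hash_hmac('sha256', $data, $ARI_CRYPT_PASSWORD);` (ideally with a key separate from the encryption password), with the read side in the first hunk updated in step. The cookie holds the encrypted password for a year, and the `setcookie` call passes no secure or httponly arguments; setting both would limit exposure over plain HTTP and to page scripts. Auth() starts and ends outside this hunk.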
@@ -484,4 +489,4 @@ function GetForm() {
484489}
485490
486491
487- ?>
492+ ?>