From 5b52fb00d286a28b14543dcc8a537f375e97ee64 Mon Sep 17 00:00:00 2001
From: Vincent Zanotti
Date: Mon, 15 Jun 2009 17:14:46 +0200
Subject: [PATCH] Removes direct uses of the ORGuid cookie (cookies should preferrably only by ever accessed through XorgSession abstractions).

Signed-off-by: Vincent Zanotti
---
 htdocs/javascript/do_challenge_response_logged.js | 2 +-
 plugins/insert.getUserName.php | 26 +++++++++++------------
 templates/core/password_prompt_logged.tpl | 2 +-
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/htdocs/javascript/do_challenge_response_logged.js b/htdocs/javascript/do_challenge_response_logged.js
index 208e8d8..f96f7c9 100644
--- a/htdocs/javascript/do_challenge_response_logged.js
+++ b/htdocs/javascript/do_challenge_response_logged.js
@@ -36,7 +36,7 @@ function doChallengeResponse() {
 var new_pass = hash_encrypt(document.forms.login.password.value);
 var old_pass = MD5(document.forms.login.password.value);
- str = readCookie('ORGuid') + ":" +
+ str = document.forms.loginsub.username.value + ":" +
 hash_encrypt(document.forms.login.password.value) + ":" +
 document.forms.loginsub.challenge.value;
diff --git a/plugins/insert.getUserName.php b/plugins/insert.getUserName.php
index bd7af29..47e6251 100644
--- a/plugins/insert.getUserName.php
+++ b/plugins/insert.getUserName.php
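Review bot: In the do_challenge_response_logged.js hunk, `str` on the changed line is still assigned without `var`, so unless it is declared elsewhere in the function the `username:hash:challenge` string becomes an implicit global that any other script on the page can read; `var str = document.forms.loginsub.username.value + ":" +` would keep it local to doChallengeResponse(). The username now comes from a form field, which is as client-controlled as the cookie was, so the server presumably needs to compute the expected response from the session's own user rather than from the submitted value; that check is not visible in this patch. doChallengeResponse()'s body continues past the end of the hunk.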
@@ -31,20 +31,20 @@ function smarty_insert_getUsername()
 }
 if (Cookie::v('domain', 'login') != 'alias') {
- $res = XDB::query("SELECT alias FROM aliases
- WHERE id={?} AND (type IN ('a_vie','alias') AND FIND_IN_SET('bestalias', flags))", $id);
- return $res->fetchOneCell();
+ $res = XDB::query("SELECT alias FROM aliases
+ WHERE id={?} AND (type IN ('a_vie','alias') AND FIND_IN_SET('bestalias', flags))", $id);
+ return $res->fetchOneCell();
 } else {
- $res = XDB::query("
- SELECT v.alias
- FROM virtual AS v
- INNER JOIN virtual_redirect USING(vid)
- INNER JOIN aliases AS a ON(id={?} AND a.type='a_vie')
- WHERE redirect = CONCAT(a.alias, {?})
- OR redirect = CONCAT(a.alias, {?})",
- $id, "@".$globals->mail->domain, "@".$globals->mail->domain2);
- $alias = $res->fetchOneCell();
- return substr($alias, 0, strpos($alias, "@"));
+ $res = XDB::query("
+ SELECT v.alias
+ FROM virtual AS v
+ INNER JOIN virtual_redirect USING(vid)
+ INNER JOIN aliases AS a ON(id={?} AND a.type='a_vie')
+ WHERE redirect = CONCAT(a.alias, {?})
+ OR redirect = CONCAT(a.alias, {?})",
+ $id, "@".$globals->mail->domain, "@".$globals->mail->domain2);
+ $alias = $res->fetchOneCell();
+ return substr($alias, 0, strpos($alias, "@"));
 }
 return $login;
diff --git a/templates/core/password_prompt_logged.tpl b/templates/core/password_prompt_logged.tpl
index 7839ae9..981205e 100644
--- a/templates/core/password_prompt_logged.tpl
+++ b/templates/core/password_prompt_logged.tpl
@@ -64,7 +64,7 @@
{xsrf_token_field} - + -- 2.1.4