fixed bugs: IV and key were created twice; cookies could only be accessed from templates-folder

now user is logged in with his username and password

lam/templates/login.inc

@@ -22,9 +22,14 @@ $Id$
 
   LDAP Account Manager main login page.
 */
-?>
 
-<?
+// generate 256 bit key and initialization vector for user/passwd-encryption
+$key = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+$iv = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+
+// save both in cookie
+setcookie("Key", base64_encode($key), 0, "/");
+setcookie("IV", base64_encode($iv), 0, "/");
 
 // loading available languages from language.conf file
 

lam/templates/login.php

@@ -36,14 +36,6 @@ $session_save_path .= "/sess";
 
 session_save_path($session_save_path); // Set session save path
 @session_start(); // Start LDAP Account Manager session
-// generate 256 bit key and initialization vector for user/passwd-encryption
-$key = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
-$iv = mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
-
-// save both in cookie
-setcookie("Key", base64_encode($key));
-setcookie("IV", base64_encode($iv));
-
 // checking if the submitted username/password is correct.
 if($action == "checklogin")
 {

lam/templates/logout.php

@@ -24,8 +24,8 @@ $Id$
 */
 
 // delete key and iv in cookie
-setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
-setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
 
 include_once("../lib/ldap.php");