FSN#37512 PENTEST 4.5.4 Sterkere random getallen

svn path=/Website/trunk/; revision=30396

APPL/Shared/Login.inc

@@ -45,8 +45,6 @@ function doLogin(prs_key, params)
     if (typeof LCL_Disable == "undefined")
         lcl.loadLCL();
 
-    Session("user_key") = user_key;
-
     // http://www.owasp.org/index.php/Session_Fixation_Protection
     var FACSESSIONID = shared.random(32); // genereer grote random string.
     var ASPFIXATION = Session("customerId") + FACSESSIONID;
@@ -86,9 +84,12 @@ function doLogin(prs_key, params)
         Oracle.Execute(sql);
     }
 
-    var registersql = "UPDATE prs_perslid SET prs_perslid_login = SYSDATE"
+    var registersql = "UPDATE prs_perslid"
+                    + "   SET prs_perslid_login = SYSDATE"
                     + " WHERE prs_perslid_key=" + user_key;
     Oracle.Execute(registersql);
+
+    Session("user_key") = user_key; /* Nu ben je pas *echt* ingelogd
     /* global */ user = new Perslid(user_key);
 
     // FACFAC tracken we altijd

APPL/Shared/Shared.inc

@@ -142,8 +142,15 @@ var shared = {
       random: function (len)
       {
         len = len || 32;
-        var oCrypto = new ActiveXObject("SLNKDWF.Crypto"); // requires version 4.14
-        var rnd = oCrypto.b64_random(len / 8 * 6); // 6 bit * 32 = 192 bit equivalent
+        try
+        {
+            var oCrypto = new ActiveXObject("SLNKDWF.Crsypto"); // requires version 4.14
+            var rnd = oCrypto.b64_random(len / 8 * 6); // 6 bit * 32 = 192 bit equivalent
+        }
+        catch(e)
+        {   // Minstens versie 4.14 voor random
+            abort_with_warning("SLNKDWF.DLL not properly installed or too old version.\n{0}".format(e.description));
+        }
         return rnd.substr(0, len);
       },