Implement more secure methods for the generation of tokens

Fedor A. Fetisov 2013-10-29 02:57:43 +04:00
parent 58e8dcd5f6
commit 0792bf98bd
3 changed files with 10 additions and 2 deletions


@ -270,6 +270,7 @@ abstract class RequestProcessor {
} }
// Create request // Create request
// TODO: evaluate a possibility of using more secure method of the generation of token
$token = md5(microtime() . rand()); $token = md5(microtime() . rand());
$request = array( $request = array(
'token' => $token, 'token' => $token,
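Review bot: The `$token = md5(microtime() . rand());` line is left as it was and only gains a TODO, so this call site still builds its token from the clock and `rand()`, while the other two files in the commit move to OpenSSL. What the request token protects is not visible in the hunk, but if it is meant to be unguessable the same source can be used here without changing its 32-hex-character format: `$token = function_exists('openssl_random_pseudo_bytes') ? bin2hex(openssl_random_pseudo_bytes(16)) : md5(microtime() . mt_rand());`. The enclosing method starts and ends outside the hunk.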


@ -463,7 +463,14 @@ Class Thread {
* @return int Thread token * @return int Thread token
*/ */
protected static function nextToken() { protected static function nextToken() {
return rand(99999, 99999999); if (function_exists('openssl_random_pseudo_bytes')) {
$token_arr = unpack('N', "\x0" . openssl_random_pseudo_bytes(3));
$token = $token_arr[1];
}
else {
$token = mt_rand(99999, 99999999);
}
return $token;
} }
/** /**
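Review bot: The new OpenSSL branch of nextToken() does not check what openssl_random_pseudo_bytes() returns, and it changes the token range. Three random bytes behind a zero byte make `unpack('N', ...)` yield 0 to 16777215, whereas the old code and the mt_rand() fallback yield 99999 to 99999999, so tokens can now be 0 or very small and the two branches disagree. If the call returns false, the packed string is one byte long, unpack() fails and `$token_arr[1]` is null. The version below checks the result and the `$crypto_strong` flag, clears the sign bit for 32-bit builds and maps the value onto the original range. If thread tokens are meant to be unguessable, a range of about 10^8 values is still small and a longer string token would be the stronger fix.

```php
protected static function nextToken() {
    $token = false;
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = openssl_random_pseudo_bytes(4, $strong);
        if ($bytes !== false && strlen($bytes) == 4 && $strong) {
            $token_arr = unpack('N', $bytes);
            // Clear the sign bit (32-bit builds), then map onto the range
            // the mt_rand() fallback uses; a slight modulo bias remains
            $token = 99999 + (($token_arr[1] & 0x7FFFFFFF) % 99900001);
        }
    }
    if ($token === false) {
        $token = mt_rand(99999, 99999999);
    }
    return $token;
}
```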


@ -38,7 +38,7 @@ if (isset($_POST['loginoremail'])) {
} }
if (count($errors) == 0) { if (count($errors) == 0) {
$token = md5((time() + microtime()) . rand(0, 99999999)); $token = sha1($torestore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));
$db = Database::getInstance(); $db = Database::getInstance();
$db->query( $db->query(
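Review bot: On the new `$token = sha1(...)` line the result of openssl_random_pseudo_bytes(32) is concatenated unchecked, so if it returns false the token collapses to `sha1($torestore['vclogin'])`, which depends only on the login name. The fallback branch is also still built from `time() + microtime()` and `mt_rand()`, which is weak for what looks like a password-restore token, judging by `$torestore` and `loginoremail`. I would fetch the bytes first with `$bytes = function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32, $strong) : false;` and use them only when `$bytes !== false && $strong`. When no strong source is available, adding an entry to `$errors` is safer than issuing a guessable token.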