Switch to a more secure method for generation of the token for request for a password restore

Fedor A. Fetisov 2013-09-13 19:36:56 +04:00
parent e61706955a
commit 2334a0ed0a


@ -38,7 +38,8 @@ if (isset($_POST['loginoremail'])) {
}
if (count($errors) == 0) {
$token = md5((time() + microtime()) . rand(0, 99999999));
$token = sha1($torestore['vclogin'] . (function_exists('openssl_random_pseudo_bytes') ? openssl_random_pseudo_bytes(32) : (time() + microtime()) . mt_rand(0, 99999999)));
$link = connect();
$query = sprintf("update ${mysqlprefix}chatoperator set dtmrestore = CURRENT_TIMESTAMP, vcrestoretoken = '%s' where operatorid = %s", mysql_real_escape_string($token, $link), intval($torestore['operatorid']));