diff options
| author | Simon Rettberg | 2016-05-19 15:46:30 +0200 |
|---|---|---|
| committer | Simon Rettberg | 2016-05-19 15:46:30 +0200 |
| commit | bc959df0c9df3fdf250fb93ef30dbb81cbd848c7 (patch) | |
| tree | 15344f7f9db92c4a9698015af5ca2fa0f03dec5d /inc | |
| parent | [baseconfig] Remove pointless TODO (diff) | |
| download | slx-admin-bc959df0c9df3fdf250fb93ef30dbb81cbd848c7.tar.gz slx-admin-bc959df0c9df3fdf250fb93ef30dbb81cbd848c7.tar.xz slx-admin-bc959df0c9df3fdf250fb93ef30dbb81cbd848c7.zip | |
Fix CSRF token checking; improve token/sid generation
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/session.inc.php | 10 | ||||
| -rw-r--r-- | inc/user.inc.php | 12 | ||||
| -rw-r--r-- | inc/util.inc.php | 6 |
3 files changed, 18 insertions, 10 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php index b4299e06..26effa3f 100644 --- a/inc/session.inc.php +++ b/inc/session.inc.php @@ -11,11 +11,11 @@ class Session private static $sid = false; private static $data = false; - private static function generateSessionId() + private static function generateSessionId($salt) { if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.'); - self::$sid = sha1( - mt_rand(0, 65535) + self::$sid = sha1($salt . ',' + . mt_rand(0, 65535) . $_SERVER['REMOTE_ADDR'] . mt_rand(0, 65535) . $_SERVER['REMOTE_PORT'] @@ -27,9 +27,9 @@ class Session ); } - public static function create() + public static function create($salt = '') { - self::generateSessionId(); + self::generateSessionId($salt); self::$data = array(); } diff --git a/inc/user.inc.php b/inc/user.inc.php index 595f4745..49500aa2 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -56,9 +56,17 @@ class User return false; if (!Crypto::verify($pass, $ret['passwd'])) return false; - Session::create(); + Session::create($ret['passwd']); Session::set('uid', $ret['userid']); - Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT'])); + Session::set('token', md5($ret['passwd'] . ',' + . rand() . ',' + . time() . ',' + . rand() . ',' + . $_SERVER['REMOTE_ADDR'] . ',' + . rand() . ',' + . $_SERVER['REMOTE_PORT'] . ',' + . rand() . ',' + . $_SERVER['HTTP_USER_AGENT'])); Session::save(); return true; } diff --git a/inc/util.inc.php b/inc/util.inc.php index c0b77f96..1b29aa39 100644 --- a/inc/util.inc.php +++ b/inc/util.inc.php @@ -103,7 +103,7 @@ SADFACE; } /** - * Verify the user's token that protects agains CSRF. + * Verify the user's token that protects against CSRF. * If the user is logged in and there is no token variable set in * the request, or the submitted token does not match the user's * token, this function will return false and display an error. @@ -111,9 +111,9 @@ SADFACE; */ public static function verifyToken() { - if (Session::get('main.token') === false) + if (!User::isLoggedIn() && Session::get('token') === false) return true; - if (isset($_REQUEST['main.token']) && Session::get('main.token') === $_REQUEST['main.token']) + if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token']) return true; Message::addError('main.token'); return false; |