summaryrefslogtreecommitdiffstats
path: root/inc
diff options
context:
space:
mode:
Diffstat (limited to 'inc')
-rw-r--r--inc/session.inc.php10
-rw-r--r--inc/user.inc.php12
-rw-r--r--inc/util.inc.php6
3 files changed, 18 insertions, 10 deletions
diff --git a/inc/session.inc.php b/inc/session.inc.php
index b4299e06..26effa3f 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -11,11 +11,11 @@ class Session
private static $sid = false;
private static $data = false;
- private static function generateSessionId()
+ private static function generateSessionId($salt)
{
if (self::$sid !== false) Util::traceError('Error: Asked to generate session id when already set.');
- self::$sid = sha1(
- mt_rand(0, 65535)
+ self::$sid = sha1($salt . ','
+ . mt_rand(0, 65535)
. $_SERVER['REMOTE_ADDR']
. mt_rand(0, 65535)
. $_SERVER['REMOTE_PORT']
@@ -27,9 +27,9 @@ class Session
);
}
- public static function create()
+ public static function create($salt = '')
{
- self::generateSessionId();
+ self::generateSessionId($salt);
self::$data = array();
}
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 595f4745..49500aa2 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -56,9 +56,17 @@ class User
return false;
if (!Crypto::verify($pass, $ret['passwd']))
return false;
- Session::create();
+ Session::create($ret['passwd']);
Session::set('uid', $ret['userid']);
- Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+ Session::set('token', md5($ret['passwd'] . ','
+ . rand() . ','
+ . time() . ','
+ . rand() . ','
+ . $_SERVER['REMOTE_ADDR'] . ','
+ . rand() . ','
+ . $_SERVER['REMOTE_PORT'] . ','
+ . rand() . ','
+ . $_SERVER['HTTP_USER_AGENT']));
Session::save();
return true;
}
diff --git a/inc/util.inc.php b/inc/util.inc.php
index c0b77f96..1b29aa39 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -103,7 +103,7 @@ SADFACE;
}
/**
- * Verify the user's token that protects agains CSRF.
+ * Verify the user's token that protects against CSRF.
* If the user is logged in and there is no token variable set in
* the request, or the submitted token does not match the user's
* token, this function will return false and display an error.
@@ -111,9 +111,9 @@ SADFACE;
*/
public static function verifyToken()
{
- if (Session::get('main.token') === false)
+ if (!User::isLoggedIn() && Session::get('token') === false)
return true;
- if (isset($_REQUEST['main.token']) && Session::get('main.token') === $_REQUEST['main.token'])
+ if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token'])
return true;
Message::addError('main.token');
return false;