From bc959df0c9df3fdf250fb93ef30dbb81cbd848c7 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 19 May 2016 15:46:30 +0200
Subject: Fix CSRF token checking; improve token/sid generation

---
 inc/user.inc.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'inc/user.inc.php')

diff --git a/inc/user.inc.php b/inc/user.inc.php
index 595f4745..49500aa2 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -56,9 +56,17 @@ class User
 			return false;
 		if (!Crypto::verify($pass, $ret['passwd']))
 			return false;
-		Session::create();
+		Session::create($ret['passwd']);
 		Session::set('uid', $ret['userid']);
-		Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+		Session::set('token', md5($ret['passwd'] . ','
+			. rand() . ','
+			. time() . ','
+			. rand() . ','
+			. $_SERVER['REMOTE_ADDR'] . ','
+			. rand() . ','
+			. $_SERVER['REMOTE_PORT'] . ','
+			. rand() . ','
+			. $_SERVER['HTTP_USER_AGENT']));
 		Session::save();
 		return true;
 	}
-- 
cgit v1.2.3-55-g7522
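Review bot: The new CSRF token on the `Session::set('token', md5(...))` lines is still built from `rand()`, `time()`, the client's own address, port and user agent, none of which is unpredictable to an attacker; `rand()` is not a CSPRNG and the timestamp and client-supplied values are guessable, so the only secret input is the stored password hash, which should not be doing double duty as token keying material. A fixed-length CSPRNG token needs no hashing at all: `Session::set('token', bin2hex(random_bytes(16)));` on PHP 7, or `bin2hex(openssl_random_pseudo_bytes(16, $strong))` with a check that `$strong` is true on older runtimes. Passing `$ret['passwd']` into `Session::create()` on the first added line suggests the session id is derived in a similar way; that routine is outside this diff, so confirm it also draws on a CSPRNG rather than on the hash plus `rand()`. The token comparison named in the subject is not in this hunk; wherever it lives, it should use `hash_equals()`. The enclosing method begins before the hunk.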