fix possible security issue for login
aheinze committed Sep 14, 2020
1 parent a4d96b1 commit 79fc963
Showing 1 changed file with 17 additions and 1 deletion.
18 changes: 17 additions & 1 deletion modules/Cockpit/Controller/Auth.php
Expand Up @@ -17,6 +17,10 @@ public function check() {

if ($data = $this->param('auth')) {

if (!\is_string($data['user']) || !\is_string($data['password'])) {
return ['success' => false, 'error' => 'Pre-condition failed'];
}

if (isset($data['user']) && $this->app->helper('utils')->isEmail($data['user'])) {
$data['email'] = $data['user'];
$data['user'] = '';
Expand Down Expand Up @@ -128,13 +132,21 @@ public function newpassword() {

if ($token = $this->param('token')) {

if (!\is_string($token)) {
return false;
}

$user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]);

if (!$user) {
return false;
}

$user['md5email'] = md5($user['email']);
$user = [
'md5email' => md5($user['email']),
'user' => $user['name'],
'name' => $user['user'],
];

return $this->render('cockpit:views/layouts/newpassword.php', compact('user', 'token'));
}
Expand All @@ -147,6 +159,10 @@ public function resetpassword() {

if ($token = $this->param('token')) {

if (!\is_string($token)) {
return false;
}

$user = $this->app->storage->findOne('cockpit/accounts', ['_reset_token' => $token]);
$password = trim($this->param('password'));

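Review bot: In resetpassword() the new is_string guard covers $token but not the password read just below it, where `trim($this->param('password'))` is still applied to an unchecked request parameter; an array value there raises a TypeError on PHP 8 (a warning and null on PHP 7) instead of the clean `return false` the token path now takes. A guard in the same form placed before the trim would close that gap: `if (!\is_string($this->param('password'))) { return false; }`. The check() hunk has a related weakness: it reads `$data['user']` and `$data['password']` before the `isset($data['user'])` test that follows, so a missing key yields an undefined-index notice and a non-array `auth` value yields a string-offset warning or error rather than the intended 'Pre-condition failed' response; `if (!\is_array($data) || !isset($data['user'], $data['password']) || !\is_string($data['user']) || !\is_string($data['password'])) {` would cover both. In newpassword() the rebuilt `$user` array maps `'user' => $user['name']` and `'name' => $user['user']`, which looks like the two keys are swapped relative to the account record — worth confirming against the template before merging. The bodies of check(), newpassword() and resetpassword() all continue outside the hunks.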
