Permalink
Browse files

adding second auth key and salt. backing up config file before update.

  • Loading branch information...
padams
padams committed Jan 21, 2014
1 parent fc42854 commit 4e9167727e8abaeb61bb0823e5ec5eed9e7f9c1b
Showing with 28 additions and 11 deletions.
  1. +8 −2 modules/base/classes/settings.php
  2. +17 −8 modules/base/updates/009.php
  3. +3 −1 owa-config-dist.php
@@ -823,10 +823,16 @@ public function createConfigFile($config_values) {
fwrite($handle, str_replace("http://domain/path/to/owa/", $config_values['public_url'], $line));
break;
case "define('OWA_NONCE_KE":
- fwrite($handle, str_replace("yournoncekeygoeshere", owa_coreAPI::secureRandomString(40), $line));
+ fwrite($handle, str_replace("yournoncekeygoeshere", owa_coreAPI::secureRandomString(64), $line));
break;
case "define('OWA_NONCE_SA":
- fwrite($handle, str_replace("yournoncesaltgoeshere", owa_coreAPI::secureRandomString(40), $line));
+ fwrite($handle, str_replace("yournoncesaltgoeshere", owa_coreAPI::secureRandomString(64), $line));
+ break;
+ case "define('OWA_AUTH_KEY":
+ fwrite($handle, str_replace("yourauthkeygoeshere", owa_coreAPI::secureRandomString(64), $line));
+ break;
+ case "define('OWA_AUTH_SAL":
+ fwrite($handle, str_replace("yourauthsaltgoeshere", owa_coreAPI::secureRandomString(64), $line));
break;
default:
fwrite($handle, $line);
@@ -39,6 +39,13 @@ function up($force = false) {
$c = file_get_contents(OWA_DIR . 'owa-config.php');
+ $ret = copy(OWA_DIR . 'owa-config.php', OWA_DIR . 'owa-config.php.backup.' . time() );
+
+ if ($ret === false ) {
+ $this->e->notice('A backup of your owa-config.php could not be created. Check permissions to ensure your main OWA directory is writable.');
+ return false;
+ }
+
if ($c) {
@@ -48,26 +55,28 @@ function up($force = false) {
*
* Change these to different unique phrases.
*/" . PHP_EOL.PHP_EOL;
- $n1 = "define('OWA_NONCE_KEY', '" . owa_coreAPI::secureRandomString(40) . "');" . PHP_EOL;
- $n2 = "define('OWA_NONCE_SALT', '" . owa_coreAPI::secureRandomString(40) . "');" . PHP_EOL . PHP_EOL;
- $n3 = "?>";
+ $n1 = "define('OWA_NONCE_KEY', '" . owa_coreAPI::secureRandomString(64) . "');" . PHP_EOL;
+ $n2 = "define('OWA_NONCE_SALT', '" . owa_coreAPI::secureRandomString(64) . "');" . PHP_EOL;
+ $n3 = "define('OWA_AUTH_KEY', '" . owa_coreAPI::secureRandomString(64) . "');" . PHP_EOL;
+ $n4 = "define('OWA_AUTH_SALT', '" . owa_coreAPI::secureRandomString(64) . "');" . PHP_EOL . PHP_EOL;
+ $ne = "?>";
- $value = $n0. $n1 . $n2 . $n3;
+ $value = $n0. $n1 . $n2 . $n3 . $n4 . $ne;
//fseek($handle, -1, SEEK_END);
//$ret = fwrite($handle, $value);
//fclose($handle);
$c = str_replace('?>', $value, $c);
- print $c;
+
$ret = file_put_contents(OWA_DIR . 'owa-config.php', $c);
if ($ret === false ) {
- $this->e->notice('config file not updated.');
+ $this->e->notice('owa-config.php could not be written to. Check permissions to ensure this file is writable.');
return false;
}
- $this->e->notice('config file updated.');
+ $this->e->notice('Auth keys added to owa-config.php.');
return true;
} else {
- $this->e->notice('config file could not be read.');
+ $this->e->notice('owa-config.php could not be read. check permissions to ensure this file is readable.');
return false;
}
View
@@ -47,7 +47,9 @@
* Change these to different unique phrases.
*/
define('OWA_NONCE_KEY', 'yournoncekeygoeshere');
-define('OWA_NONCE_SALT', 'yournoncesaltgoeshere');
+define('OWA_NONCE_SALT', 'yournoncesaltgoeshere');
+define('OWA_AUTH_KEY', 'yourauthkeygoeshere');
+define('OWA_AUTH_SALT', 'yourauthsaltgoeshere');
/**
* PUBLIC URL

0 comments on commit 4e91677

Please sign in to comment.