Skip to content
Permalink
Browse files
see #523 - improve randomness when creating the PFA_token field; repo…
…rted by @michaellrowley via huntr.dev.
  • Loading branch information
DavidGoodwin committed Aug 4, 2021
1 parent 99a549c commit 25ac89f6a7a51b34043fad388b7f81e4e07994e9
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
@@ -108,7 +108,8 @@ function init_session($username, $is_admin = false)
$_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = $is_admin ? 'admin' : 'user';
$_SESSION['sessid']['username'] = $username;
$_SESSION['PFA_token'] = md5(uniqid("", true));

$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));

return $status;
}
@@ -70,8 +70,7 @@
if ($error) {
flash_error($error);
}

$_SESSION['PFA_token'] = md5(uniqid('pfa' . rand(), true));
$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));

$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('smarty_template', 'login');

0 comments on commit 25ac89f

Please sign in to comment.