changed make_token, so that characterset can be determined
parent
4b365df11f
commit
d48ae4c40c
|
@ -109,7 +109,7 @@ function check_admin($db, $settings)
|
|||
}
|
||||
|
||||
if ( ($key == '') && (!file_exists($filename)) ) {
|
||||
$token = make_token(250);
|
||||
$token = make_token(250, 'alnum');
|
||||
$token_hash = password_hash($token, PASSWORD_DEFAULT);
|
||||
|
||||
if ($counter == 0) {
|
||||
|
@ -264,7 +264,7 @@ function check_auth_admin($db, $settings)
|
|||
|
||||
}
|
||||
|
||||
$token = make_token(250);
|
||||
$token = make_token(250, 'alnum');
|
||||
$token_hash = password_hash($token, PASSWORD_DEFAULT);
|
||||
|
||||
$statement = $db->prepare("UPDATE keys
|
||||
|
@ -371,7 +371,7 @@ function check_auth_mod($db, $settings)
|
|||
|
||||
}
|
||||
|
||||
$token = make_token(250);
|
||||
$token = make_token(250, 'alnum');
|
||||
$token_hash = password_hash($token, PASSWORD_DEFAULT);
|
||||
|
||||
$statement = $db->prepare("UPDATE keys
|
||||
|
@ -621,7 +621,7 @@ function dump_full($db, $settings)
|
|||
array_push($json_dump, $post);
|
||||
}
|
||||
|
||||
$diff = make_token(20);
|
||||
$diff = make_token(20, 'alnum');
|
||||
$filename = $settings['work_dir'] . 'full_dump_' . $diff . '.json';
|
||||
|
||||
file_put_contents($filename, json_encode($json_dump,
|
||||
|
|
21
opt/base.php
21
opt/base.php
|
@ -492,18 +492,25 @@ function make_tables($db)
|
|||
// a limited time. A way of having sessions without cookies.
|
||||
// Also used as a hidden field in the post form to prevent double
|
||||
// posting by sending the same input twice.
|
||||
function make_token($length)
|
||||
function make_token($length, $mode)
|
||||
{
|
||||
if ( $mode == 'alnum' ) {
|
||||
$characters = '0123456789'
|
||||
. 'abcdefghijklmnopqrstuvwxyz'
|
||||
. 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
} elseif ( $mode == 'alpha' ) {
|
||||
$characters = 'abcdefghijklmnopqrstuvwxyz'
|
||||
. 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
} elseif ( $mode == 'num' ) {
|
||||
$characters = '0123456789';
|
||||
}
|
||||
|
||||
$counter = count($characters) - 1;
|
||||
|
||||
$characters = '0123456789'
|
||||
. 'abcdefghijklmnopqrstuvwxyz'
|
||||
. 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
|
||||
$random_string = '';
|
||||
|
||||
for ($i = 0; $i < $length; $i++) {
|
||||
$index = random_int(0, 61);
|
||||
// we have 62 to choose, so 0 to 61
|
||||
$index = random_int(0, $counter);
|
||||
$random_string .= $characters[$index];
|
||||
}
|
||||
|
||||
|
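Review bot: `$counter = count($characters) - 1;` in make_token calls count() on a string, which is not countable: PHP 8 throws a TypeError, and earlier versions return 1 (with a warning from 7.2 on), so `$counter` becomes 0 and `random_int(0, $counter)` always selects index 0. On those pre-8 versions every token is a single repeated character, which makes the admin and moderator keys and the form tokens produced by the call sites in this commit predictable; use `$counter = strlen($characters) - 1;` instead. An unrecognised `$mode` also leaves `$characters` undefined, so the chain should end with `else { throw new InvalidArgumentException('unknown token mode'); }`. This assumes the `count()` line is on the new side, as its use in the new `random_int` call suggests; the function body continues past the end of the hunk.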
|
12
opt/bot.php
12
opt/bot.php
|
@ -248,17 +248,7 @@ function check_portal($db, $settings, $ip)
|
|||
log_event($db, $settings, "portal", $portal_message, $ip);
|
||||
return;
|
||||
} else {
|
||||
$characters = 'abcdefghijklmnopqrstuvwxyz'
|
||||
. 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
|
||||
$random_string = '';
|
||||
|
||||
for ($i = 0; $i < 20; $i++) {
|
||||
// token length is set to 20 characters
|
||||
$index = random_int(0, 51);
|
||||
// we have 52 to choose, so 0 to 51
|
||||
$random_string .= $characters[$index];
|
||||
}
|
||||
$random_string = make_token(20, 'alpha');
|
||||
|
||||
// $request = '/' . $random_string;
|
||||
|
||||
|
|
18
opt/post.php
18
opt/post.php
|
@ -52,18 +52,8 @@
|
|||
function answer_redirect($sub, $css, $post_id, $settings)
|
||||
{
|
||||
|
||||
$characters = 'abcdefghijklmnopqrstuvwxyz'
|
||||
. 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
|
||||
$random_string = '';
|
||||
|
||||
for ($i = 0; $i < 20; $i++) {
|
||||
// token length is set to 20 characters
|
||||
$index = random_int(0, 51);
|
||||
// we have 52 to choose, so 0 to 51
|
||||
$random_string .= $characters[$index];
|
||||
}
|
||||
|
||||
$random_string = make_token(10, 'alpha');
|
||||
|
||||
if ( ( $settings['enable_tripcodes'] == TRUE ) &&
|
||||
( $_POST['combination'] == $_POST['combination_hidden'] ) &&
|
||||
( !empty($_POST['combination']) ) ) {
|
||||
|
@ -557,8 +547,8 @@ function make_post($db, $sub, $settings, $text, $org_id)
|
|||
|
||||
function make_tripcode($settings)
|
||||
{
|
||||
$tripkey = make_token(25);
|
||||
$differ = make_token(6);
|
||||
$tripkey = make_token(25, 'alnum');
|
||||
$differ = make_token(6, 'alnum');
|
||||
$name = $settings['prefix_autogen'] . $differ;
|
||||
$combination = $name . '#' . $tripkey;
|
||||
|
||||
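Review bot: In answer_redirect the replacement call `make_token(10, 'alpha')` returns 10 characters where the removed loop built 20, and the matching replacement in check_portal (opt/bot.php) keeps 20; the commit message does not mention the shortening. The use of `$random_string` lies further down, outside the hunk, so if anything there relies on the value being hard to guess or collision-free, the length should stay as it was: `$random_string = make_token(20, 'alpha');`. If the shorter value is intended, a one-line comment giving the reason would prevent it from being read as a typo.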
|
|
|
@ -109,7 +109,7 @@ function show_edit_form($db, $sub, $post_id, $ip, $css, $settings)
|
|||
. "<input type='hidden' name='original' value='$original'>"
|
||||
. "<input type='hidden' name='post_id' value='$post_id'>";
|
||||
|
||||
$token = make_token(250);
|
||||
$token = make_token(250, 'alnum');
|
||||
$current = time();
|
||||
|
||||
$hash = hash('sha512', $token);
|
||||
|
@ -183,7 +183,7 @@ function show_post_form($db, $msg, $sub, $settings, $org_id, $css, $quote, $ip)
|
|||
$html_string .= "<input type='hidden' name='org_id' value='$org_id'>";
|
||||
}
|
||||
|
||||
$token = make_token(250);
|
||||
$token = make_token(250, 'alnum');
|
||||
$current = time();
|
||||
|
||||
if ($settings['use_captcha']) {
|
||||
|
|