kashire/lainchan
4
0
Fork 0
Code Issues 9 Pull Requests Releases Wiki Activity

properly tie auth cookies to private salt

Browse Source
This commit is contained in:
Michael Save 2012-08-27 21:45:05 +10:00
parent 28392a12d3
commit eb146d9201
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inc/mod/auth.php
View File

@ -21,7 +21,7 @@ function mkhash($username, $password, $salt = false) {
} }
// generate hash (method is not important as long as it's strong) // generate hash (method is not important as long as it's strong)
$hash = substr(base64_encode(md5($username . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20); $hash = substr(base64_encode(md5($username . $config['cookies']['salt'] . sha1($username . $password . $salt . ($config['mod']['lock_ip'] ? $_SERVER['REMOTE_ADDR'] : ''), true), true)), 0, 20);
if (isset($generated_salt)) if (isset($generated_salt))
return Array($hash, $salt); return Array($hash, $salt);