- changed mcrypt() functions to openssl() functions, closed #422

- removed mcrypt from required PHP extensions -> updated /setup page
Exodus4D
2017-01-14 14:37:31 +01:00
parent ab5349b806
commit aa78d0c4e0
3 changed files with 5 additions and 10 deletions


@@ -11,6 +11,7 @@ use Controller\Api as Api;
use Controller\Ccp\Sso as Sso;
use lib\Config;
use lib\Socket;
use Lib\Util;
use Model;
use DB;
@@ -204,12 +205,12 @@ class Controller {
// unique "selector" -> to facilitate database look-ups (small size)
// -> This is preferable to simply using the database id field,
// which leaks the number of active users on the application
$selector = bin2hex(mcrypt_create_iv(12, MCRYPT_DEV_URANDOM));
$selector = bin2hex( openssl_random_pseudo_bytes(12) );
// generate unique "validator" (strong encryption)
// -> plaintext set to user (cookie), hashed version of this in DB
$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$validator = bin2hex(mcrypt_create_iv($size, MCRYPT_DEV_URANDOM));
$size = openssl_cipher_iv_length('aes-256-cbc');
$validator = bin2hex(openssl_random_pseudo_bytes($size) );
// generate unique cookie token
$token = hash('sha256', $validator);
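Review bot: Neither `openssl_random_pseudo_bytes()` call checks its result, yet both values go into the login cookie: before PHP 8.0 the function can return `false`, which `bin2hex()` would turn into an empty string unless strict types are on, leaving `$token` as the SHA-256 of an empty string, and it reports only through its second by-reference argument whether the bytes were cryptographically strong. If the project's minimum PHP version allows it (not visible here), `random_bytes()` throws on failure and covers both cases: `$selector = bin2hex(random_bytes(12));` and `$validator = bin2hex(random_bytes(16));`. Otherwise pass a `$strong` argument and abort when the return value is `false` or `$strong` is not `true`. Taking the validator length from `openssl_cipher_iv_length('aes-256-cbc')` ties the token size to an unrelated cipher's IV length, and the "strong encryption" comment describes what is a random token whose hash is stored, so a named constant and a corrected comment would state the intent directly. The enclosing method starts and ends outside the hunk.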