- Create custom function (randomString()) for generating cryptographically (and URL) safe strings.

- Replace usages of keygen and bin2hex(random_bytes()) with this function.
2026-02-28 10:54:52 +00:00 · 2023-01-26 21:35:06 +00:00
parent 41068d356b
commit 23e3a2e8fc
10 changed files with 52 additions and 47 deletions
--- a/login.php
+++ b/login.php
@@ -117,7 +117,7 @@ if (isset($_POST['login'])) {
            $_SESSION['user_id'] = $user_id;
            $_SESSION['user_name'] = $user_name;
            $_SESSION['user_role'] = $row['user_role'];
-            $_SESSION['csrf_token'] = bin2hex(random_bytes(78));
+            $_SESSION['csrf_token'] = randomString(156);
            $_SESSION['logged'] = TRUE;

            // Setup encryption session key