AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Create custom function (randomString()) for generating cryptographically (and URL) safe strings.

Browse Source 
- Replace usages of keygen and bin2hex(random_bytes()) with this function.
This commit is contained in:
Marcus Hill
2023-01-26 21:35:06 +00:00
parent 41068d356b
commit 23e3a2e8fc
10 changed files with 52 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
portal/login_reset.php
View File

@@ -51,7 +51,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$company = $row['company_id'];
if ($row['contact_email'] == $email) {
$token = bin2hex(random_bytes(78));
$token = randomString(156);
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");