mirror of https://github.com/itflow-org/itflow
Generate longer more secure Key for logins
This commit is contained in:
johnnyq
parent
5d6b03141b
commit
29a9d6ef8f
4
ajax.php
4
ajax.php
|
|
@ -239,8 +239,8 @@ if(isset($_GET['share_generate_link'])){
|
|||
|
||||
// Decrypt & re-encrypt password for sharing
|
||||
$login_password_cleartext = decryptLoginEntry($row['login_password']);
|
||||
$login_encryption_key = keygen();
|
||||
$iv = keygen();
|
||||
$login_encryption_key = bin2hex(random_bytes(8));
|
||||
$iv = bin2hex(random_bytes(8));
|
||||
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
|
||||
|
||||
$item_encrypted_credential = $iv . $ciphertext;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
$key = keygen();
|
||||
$key = bin2hex(random_bytes(78));
|
||||
?>
|
||||
<div class="modal" id="addApiKeyModal" tabindex="-1">
|
||||
<div class="modal-dialog">
|
||||
|
|
|
|||
|
|
@ -14,6 +14,11 @@
|
|||
<p>This is a great starting point for new custom pages.</p>
|
||||
|
||||
<?php echo CURRENT_DATABASE_VERSION; ?>
|
||||
<br>
|
||||
|
||||
<?php echo bin2hex(random_bytes(8)); ?>
|
||||
<br>
|
||||
<?php echo keygen(); ?>
|
||||
|
||||
<script>toastr.success('Have Fun Wozz!!')</script>
|
||||
|
||||
|
|
|
|||
|
|
@ -236,8 +236,8 @@ function mkdir_missing($dir) {
|
|||
// Called during initial setup
|
||||
// Encrypts the master key with the user's password
|
||||
function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
|
||||
$iv = keygen();
|
||||
$salt = keygen();
|
||||
$iv = bin2hex(random_bytes(8));
|
||||
$salt = bin2hex(random_bytes(8));
|
||||
|
||||
//Generate 128-bit (16 byte/char) kdhash of the users password
|
||||
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
|
||||
|
|
@ -256,8 +256,8 @@ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
|
|||
* Password Changes: Will use the current info in the session.
|
||||
*/
|
||||
function encryptUserSpecificKey($user_password){
|
||||
$iv = keygen();
|
||||
$salt = keygen();
|
||||
$iv = bin2hex(random_bytes(8));
|
||||
$salt = bin2hex(random_bytes(8));
|
||||
|
||||
// Get the session info.
|
||||
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
||||
|
|
@ -304,9 +304,9 @@ Generates what is probably best described as a session key (ephemeral-ish)
|
|||
*/
|
||||
function generateUserSessionKey($site_encryption_master_key){
|
||||
|
||||
// Generate both of these using keygen()
|
||||
$user_encryption_session_key = keygen();
|
||||
$user_encryption_session_iv = keygen();
|
||||
// Generate both of these using bin2hex(random_bytes(8))
|
||||
$user_encryption_session_key = bin2hex(random_bytes(8));
|
||||
$user_encryption_session_iv = bin2hex(random_bytes(8));
|
||||
$user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
|
||||
|
||||
// Store ciphertext in the user's session
|
||||
|
|
@ -346,7 +346,7 @@ function decryptLoginEntry($login_password_ciphertext){
|
|||
|
||||
// Encrypts a website/asset login password
|
||||
function encryptLoginEntry($login_password_cleartext){
|
||||
$iv = keygen();
|
||||
$iv = bin2hex(random_bytes(8));
|
||||
|
||||
// Get the user session info.
|
||||
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ if(isset($_POST['login'])){
|
|||
$_SESSION['user_id'] = $row['user_id'];
|
||||
$_SESSION['user_name'] = $row['user_name'];
|
||||
$_SESSION['user_role'] = $row['user_role'];
|
||||
$_SESSION['csrf_token'] = keygen();
|
||||
$_SESSION['csrf_token'] = bin2hex(random_bytes(78));
|
||||
|
||||
// Setup encryption session key
|
||||
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
|
||||
|
|
|
|||
4
post.php
4
post.php
|
|
@ -384,7 +384,7 @@ if(isset($_GET['archive_user'])){
|
|||
|
||||
// Variables from GET
|
||||
$user_id = intval($_GET['archive_user']);
|
||||
$password = password_hash(key32gen(), PASSWORD_DEFAULT);
|
||||
$password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
|
||||
|
||||
// Get user details
|
||||
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
|
||||
|
|
@ -3855,7 +3855,7 @@ if(isset($_POST['add_contact'])){
|
|||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||
$location_id = intval($_POST['location']);
|
||||
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
|
||||
$password = password_hash(keygen(), PASSWORD_DEFAULT);
|
||||
$password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
|
||||
|
||||
|
||||
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue