Generate longer more secure Key for logins
4
ajax.php
4
ajax.php
@@ -239,8 +239,8 @@ if(isset($_GET['share_generate_link'])){
|
|||||||
|
|
||||||
// Decrypt & re-encrypt password for sharing
|
// Decrypt & re-encrypt password for sharing
|
||||||
$login_password_cleartext = decryptLoginEntry($row['login_password']);
|
$login_password_cleartext = decryptLoginEntry($row['login_password']);
|
||||||
$login_encryption_key = keygen();
|
$login_encryption_key = bin2hex(random_bytes(8));
|
||||||
$iv = keygen();
|
$iv = bin2hex(random_bytes(8));
|
||||||
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
|
$ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
|
||||||
|
|
||||||
$item_encrypted_credential = $iv . $ciphertext;
|
$item_encrypted_credential = $iv . $ciphertext;
|
||||||
|
|||||||
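Review bot: `$login_encryption_key = bin2hex(random_bytes(8));` hands openssl_encrypt a 16-character hex string, so aes-128-cbc receives 16 key bytes that carry only 64 bits of randomness, and `$iv = bin2hex(random_bytes(8));` has the same property. If the key is carried in the share URL, it would be stronger to draw 16 raw bytes (`$login_encryption_key = random_bytes(16);`) and apply bin2hex only at the transport boundary, with hex2bin on the decrypting side; that side is outside this hunk, so the storage/URL format needs checking before changing it. The same key-and-IV pattern is introduced in the functions.php hunks for setupFirstUserSpecificKey, encryptUserSpecificKey, generateUserSessionKey and encryptLoginEntry, where generateUserSessionKey likewise feeds a 16-hex-char key to aes-128-cbc. The enclosing share_generate_link block starts before and continues after this hunk.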
@@ -1,5 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
$key = keygen();
|
$key = bin2hex(random_bytes(78));
|
||||||
?>
|
?>
|
||||||
<div class="modal" id="addApiKeyModal" tabindex="-1">
|
<div class="modal" id="addApiKeyModal" tabindex="-1">
|
||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
|
|||||||
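Review bot: `$key = bin2hex(random_bytes(78));` produces a 156-character API key with no explanation of why 78 was chosen; the same unexplained length is used for the CSRF token in the login.php hunk (`$_SESSION['csrf_token'] = bin2hex(random_bytes(78));`). A short comment such as `// 78 random bytes -> 156 hex chars; keep in step with the api key column length` or a named constant would make the choice reviewable. Whether the column that stores this key accepts 156 characters cannot be seen from the hunk and should be confirmed.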
@@ -14,6 +14,11 @@
|
|||||||
<p>This is a great starting point for new custom pages.</p>
|
<p>This is a great starting point for new custom pages.</p>
|
||||||
|
|
||||||
<?php echo CURRENT_DATABASE_VERSION; ?>
|
<?php echo CURRENT_DATABASE_VERSION; ?>
|
||||||
|
<br>
|
||||||
|
|
||||||
|
<?php echo bin2hex(random_bytes(8)); ?>
|
||||||
|
<br>
|
||||||
|
<?php echo keygen(); ?>
|
||||||
|
|
||||||
<script>toastr.success('Have Fun Wozz!!')</script>
|
<script>toastr.success('Have Fun Wozz!!')</script>
|
||||||
|
|
||||||
|
|||||||
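Review bot: The added `<?php echo bin2hex(random_bytes(8)); ?>` and `<?php echo keygen(); ?>` lines print two freshly generated random strings onto the sample custom page beneath the database version, which reads as a leftover side-by-side comparison from testing the new generator rather than page content. Unless the page is meant to demonstrate key generation, these lines and the added `<br>` separators should be dropped before merge. The surrounding template starts before this hunk.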
@@ -236,8 +236,8 @@ function mkdir_missing($dir) {
|
|||||||
// Called during initial setup
|
// Called during initial setup
|
||||||
// Encrypts the master key with the user's password
|
// Encrypts the master key with the user's password
|
||||||
function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
|
function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
|
||||||
$iv = keygen();
|
$iv = bin2hex(random_bytes(8));
|
||||||
$salt = keygen();
|
$salt = bin2hex(random_bytes(8));
|
||||||
|
|
||||||
//Generate 128-bit (16 byte/char) kdhash of the users password
|
//Generate 128-bit (16 byte/char) kdhash of the users password
|
||||||
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
|
$user_password_kdhash = hash_pbkdf2('sha256', $user_password, $salt, 100000, 16);
|
||||||
@@ -256,8 +256,8 @@ function setupFirstUserSpecificKey($user_password, $site_encryption_master_key){
|
|||||||
* Password Changes: Will use the current info in the session.
|
* Password Changes: Will use the current info in the session.
|
||||||
*/
|
*/
|
||||||
function encryptUserSpecificKey($user_password){
|
function encryptUserSpecificKey($user_password){
|
||||||
$iv = keygen();
|
$iv = bin2hex(random_bytes(8));
|
||||||
$salt = keygen();
|
$salt = bin2hex(random_bytes(8));
|
||||||
|
|
||||||
// Get the session info.
|
// Get the session info.
|
||||||
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
||||||
@@ -304,9 +304,9 @@ Generates what is probably best described as a session key (ephemeral-ish)
|
|||||||
*/
|
*/
|
||||||
function generateUserSessionKey($site_encryption_master_key){
|
function generateUserSessionKey($site_encryption_master_key){
|
||||||
|
|
||||||
// Generate both of these using keygen()
|
// Generate both of these using bin2hex(random_bytes(8))
|
||||||
$user_encryption_session_key = keygen();
|
$user_encryption_session_key = bin2hex(random_bytes(8));
|
||||||
$user_encryption_session_iv = keygen();
|
$user_encryption_session_iv = bin2hex(random_bytes(8));
|
||||||
$user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
|
$user_encryption_session_ciphertext = openssl_encrypt($site_encryption_master_key, 'aes-128-cbc', $user_encryption_session_key, 0, $user_encryption_session_iv);
|
||||||
|
|
||||||
// Store ciphertext in the user's session
|
// Store ciphertext in the user's session
|
||||||
@@ -346,7 +346,7 @@ function decryptLoginEntry($login_password_ciphertext){
|
|||||||
|
|
||||||
// Encrypts a website/asset login password
|
// Encrypts a website/asset login password
|
||||||
function encryptLoginEntry($login_password_cleartext){
|
function encryptLoginEntry($login_password_cleartext){
|
||||||
$iv = keygen();
|
$iv = bin2hex(random_bytes(8));
|
||||||
|
|
||||||
// Get the user session info.
|
// Get the user session info.
|
||||||
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
$user_encryption_session_ciphertext = $_SESSION['user_encryption_session_ciphertext'];
|
||||||
|
|||||||
@@ -66,7 +66,7 @@ if(isset($_POST['login'])){
|
|||||||
$_SESSION['user_id'] = $row['user_id'];
|
$_SESSION['user_id'] = $row['user_id'];
|
||||||
$_SESSION['user_name'] = $row['user_name'];
|
$_SESSION['user_name'] = $row['user_name'];
|
||||||
$_SESSION['user_role'] = $row['user_role'];
|
$_SESSION['user_role'] = $row['user_role'];
|
||||||
$_SESSION['csrf_token'] = keygen();
|
$_SESSION['csrf_token'] = bin2hex(random_bytes(78));
|
||||||
|
|
||||||
// Setup encryption session key
|
// Setup encryption session key
|
||||||
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
|
if (isset($row['user_specific_encryption_ciphertext']) && $row['user_role'] > 1) {
|
||||||
|
|||||||
4
post.php
4
post.php
@@ -384,7 +384,7 @@ if(isset($_GET['archive_user'])){
|
|||||||
|
|
||||||
// Variables from GET
|
// Variables from GET
|
||||||
$user_id = intval($_GET['archive_user']);
|
$user_id = intval($_GET['archive_user']);
|
||||||
$password = password_hash(key32gen(), PASSWORD_DEFAULT);
|
$password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
|
||||||
|
|
||||||
// Get user details
|
// Get user details
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
|
$sql = mysqli_query($mysqli,"SELECT * FROM users WHERE user_id = $user_id");
|
||||||
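Review bot: `$password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);` hashes a random string that is never shown or stored anywhere else, so the intent — locking the archived user out by replacing their password with one nobody knows — is not obvious from the line. A comment such as `// Random, unrecoverable password: an archived user can no longer log in` would make that explicit. The add_contact hunk further down uses the same expression for a new contact, where the intent is presumably a placeholder until a password is set; that deserves its own one-line comment. Both enclosing blocks start before their hunks.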
@@ -3855,7 +3855,7 @@ if(isset($_POST['add_contact'])){
|
|||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['notes'])));
|
||||||
$location_id = intval($_POST['location']);
|
$location_id = intval($_POST['location']);
|
||||||
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
|
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['auth_method'])));
|
||||||
$password = password_hash(keygen(), PASSWORD_DEFAULT);
|
$password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
|
||||||
|
|
||||||
|
|
||||||
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
|
if(!file_exists("uploads/clients/$session_company_id/$client_id")) {
|
||||||
|
|||||||