From 5d6b03141b403702cad07c8c5c7896c877af8e90 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Thu, 29 Dec 2022 16:59:47 -0500
Subject: [PATCH] Generate longer more secure Key for browser extension

---
 post.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post.php b/post.php
index f6952d88..1cc3f48a 100644
--- a/post.php
+++ b/post.php
@@ -324,7 +324,7 @@ if(isset($_POST['edit_profile'])){
     // Enable extension access, only if it isn't already setup (user doesn't have cookie)
     if(isset($_POST['extension']) && $_POST['extension'] == 'Yes'){
         if(!isset($_COOKIE['user_extension_key'])){
-            $extension_key = keygen();
+            $extension_key = bin2hex(random_bytes(78));
             mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $user_id");
 
             $extended_log_description .= ", extension access enabled";