Fix randomString() to generate cryptographically secure URL-safe tokens; reduce URL keys to 32 characters for performance, easy copy-and-paste and compatibility while still maintaining unbreakable cryptographic keys

This commit is contained in:
johnnyq
2025-12-18 14:24:53 -05:00
parent 32f996d034
commit a79ce23ae5
16 changed files with 39 additions and 118 deletions


@@ -88,7 +88,7 @@ if (isset($_POST['edit_your_user_details'])) {
}
if (isset($_GET['clear_your_user_avatar'])) {
validateCSRFToken($_GET['csrf_token']);
mysqli_query($mysqli,"UPDATE users SET user_avatar = NULL WHERE user_id = $session_user_id");
@@ -96,7 +96,7 @@ if (isset($_GET['clear_your_user_avatar'])) {
logAction("User Account", "Edit", "$session_name cleared their avatar");
flash_alert("Avatar cleared", 'error');
redirect();
}
@@ -167,7 +167,7 @@ if (isset($_POST['edit_your_user_preferences'])) {
// Enable extension access, only if it isn't already setup (user doesn't have cookie)
if (isset($_POST['extension']) && $_POST['extension'] == 'Yes') {
if (!isset($_COOKIE['user_extension_key'])) {
$extension_key = randomString(156);
$extension_key = randomString(32);
mysqli_query($mysqli, "UPDATE users SET user_extension_key = '$extension_key' WHERE user_id = $session_user_id");
$extended_log_description .= "enabled browser extension access";
@@ -196,7 +196,7 @@ if (isset($_POST['enable_mfa'])) {
require_once "../../plugins/totp/totp.php";
// Grab the code from the user
$verify_code = trim($_POST['verify_code']);
$verify_code = trim($_POST['verify_code']);
// Ensure it's numeric
if (!ctype_digit($verify_code)) {
$verify_code = '';
@@ -227,9 +227,9 @@ if (isset($_POST['enable_mfa'])) {
if ($previousPage === 'mfa_enforcement.php') {
// Redirect back to mfa_enforcement.php
redirect("../$config_start_page");
}
}
}
} else {
// FAILURE
@@ -245,7 +245,7 @@ if (isset($_POST['enable_mfa'])) {
// Redirect back to mfa_enforcement.php
redirect();
}
}
}
}
redirect("user_security.php");
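Review bot: In the third hunk (@@ -167), the new `$extension_key = randomString(32);` is interpolated straight into the UPDATE on the following line, so the query now silently depends on randomString()'s new alphabet containing no quote or backslash characters; the function's definition is in another file, so that property is not visible at this call site. A prepared statement would remove the dependency entirely, e.g. `$stmt = mysqli_prepare($mysqli, "UPDATE users SET user_extension_key = ? WHERE user_id = ?");` then `mysqli_stmt_bind_param($stmt, "si", $extension_key, $session_user_id);` and `mysqli_stmt_execute($stmt);`. If the interpolation is kept, a comment such as `// 32 chars; randomString() must emit a URL-safe alphabet (no quotes or backslashes) for the interpolation below to be safe` would record the assumption. The strength claim in the commit message rests on the alphabet size as well: 32 characters from a 64-symbol set carry 192 bits, but that only holds if randomString() draws from at least that many symbols, which cannot be confirmed here. The enclosing `if (isset($_POST['edit_your_user_preferences']))` block starts before this hunk and continues past it.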