AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-21 21:15:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #891 from wrongecho/login-encryption-fix

Browse Source 
BUGFIX: Login with and actually decrypt the master encryption key
This commit is contained in:
wrongecho
2024-02-23 21:29:07 +00:00
committed by GitHub
parent 603d677dfd 6432ee0486
commit c510eac613
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
login.php
View File

@@ -186,11 +186,11 @@ if (isset($_POST['login'])) {
$_SESSION['logged'] = true; $_SESSION['logged'] = true;
// Setup encryption session key // Setup encryption session key
if (is_null($user_encryption_ciphertext) && $user_role > 1) { if (isset($user_encryption_ciphertext) && $user_role > 1) {
$site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password); $site_encryption_master_key = decryptUserSpecificKey($user_encryption_ciphertext, $password);
generateUserSessionKey($site_encryption_master_key); generateUserSessionKey($site_encryption_master_key);
// Setup extension // Setup extension - currently unused
if (is_null($user_extension_key)) { if (is_null($user_extension_key)) {
// Extension cookie // Extension cookie
// Note: Browsers don't accept cookies with SameSite None if they are not HTTPS. // Note: Browsers don't accept cookies with SameSite None if they are not HTTPS.
@@ -200,6 +200,7 @@ if (isset($_POST['login'])) {
$user_php_session = session_id(); $user_php_session = session_id();
mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id"); mysqli_query($mysqli, "UPDATE users SET user_php_session = '$user_php_session' WHERE user_id = $user_id");
} }
} }
header("Location: $config_start_page"); header("Location: $config_start_page");