mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer
parent
1dddd5252d
commit
a0a88af255
@ -11,11 +11,11 @@ class Member extends DataObject {
|
||||
'Surname' => 'Varchar',
|
||||
'Email' => 'Varchar',
|
||||
'Password' => 'Varchar(160)',
|
||||
'RememberLoginToken' => 'Varchar(50)',
|
||||
'RememberLoginToken' => 'Varchar(1024)',
|
||||
'NumVisit' => 'Int',
|
||||
'LastVisited' => 'SS_Datetime',
|
||||
'Bounced' => 'Boolean', // Note: This does not seem to be used anywhere.
|
||||
'AutoLoginHash' => 'Varchar(30)',
|
||||
'AutoLoginHash' => 'Varchar(1024)',
|
||||
'AutoLoginExpired' => 'SS_Datetime',
|
||||
// This is an arbitrary code pointing to a PasswordEncryptor instance,
|
||||
// not an actual encryption algorithm.
|
||||
@ -327,8 +327,8 @@ class Member extends DataObject {
|
||||
$this->NumVisit++;
|
||||
|
||||
if($remember) {
|
||||
$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($this->ID));
|
||||
$this->RememberLoginToken = $token;
|
||||
$generator = new RandomGenerator();
|
||||
$this->RememberLoginToken = $generator->generateHash('sha1');
|
||||
Cookie::set('alc_enc', $this->ID . ':' . $token, 90, null, null, null, true);
|
||||
} else {
|
||||
$this->RememberLoginToken = null;
|
||||
@ -396,8 +396,8 @@ class Member extends DataObject {
|
||||
// This lets apache rules detect whether the user has logged in
|
||||
if(self::$login_marker_cookie) Cookie::set(self::$login_marker_cookie, 1, 0, null, null, false, true);
|
||||
|
||||
$token = substr(md5(uniqid(rand(), true)), 0, 49 - strlen($member->ID));
|
||||
$member->RememberLoginToken = $token;
|
||||
$generator = new RandomGenerator();
|
||||
$member->RememberLoginToken = $generator->generateHash('sha1');
|
||||
Cookie::set('alc_enc', $member->ID . ':' . $token, 90, null, null, false, true);
|
||||
|
||||
$member->NumVisit++;
|
||||
@ -442,8 +442,8 @@ class Member extends DataObject {
|
||||
function generateAutologinHash($lifetime = 2) {
|
||||
|
||||
do {
|
||||
$hash = substr(base_convert(md5(uniqid(mt_rand(), true)), 16, 36),
|
||||
0, 30);
|
||||
$generator = new RandomGenerator();
|
||||
$hash = $generator->generateHash('sha1');
|
||||
} while(DataObject::get_one('Member', "\"AutoLoginHash\" = '$hash'"));
|
||||
|
||||
$this->AutoLoginHash = $hash;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user