359,6 → 359,7 |
$user->salt = $row['Salt']; |
$user->emailAddress = $row['EmailAddress']; |
$user->name = $row['Name']; |
$user->csrftoken = $row['CSRFToken']; |
$user->challengeID = $row['ChallengeID']; |
|
return $user; |
475,6 → 476,33 |
return sha1($salt . $pass); |
} |
|
function rndString($len = 8) { |
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
$clen = strlen($characters); |
|
$res = ''; |
for ($i = $len - 1; $i >= 0; $i--) { |
$res .= $chars[rand(0, clen - 1)]; |
} |
|
return $res; |
} |
|
function getCRSFToken($id) { |
$token = $this->rndString(); |
$this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
return $token; |
} |
|
function checkCRSFToken($id, $token) { |
$user = $this->getUserByID($id); |
if ($token !== $user->csrftoken) { |
die("a death"); |
} |
|
$this->getCRSFToken($id); // change to something else so we can't re-use it |
} |
|
function getGetID() { |
$id = $_GET['id']; |
if (empty($id)) { |
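Review bot: `rndString()` builds the CSRF token from `rand()`, which is not a cryptographically secure source, and as written the function does not run: `strlen($characters)` reads an undefined variable and `clen - 1` is an undefined constant rather than `$clen`, so `$clen` is 0 and the index expression is broken (PHP 8 throws on the undefined constant). The alphabet also ends in `lolphp`, so those characters appear twice and the draw is not uniform over the set. `checkCRSFToken()` then compares the submitted value with `!==`, which is not constant-time and will fault if `getUserByID()` returns nothing or the stored token is still null (whether it returns null on a miss is not visible here); `hash_equals()` behind string guards is the usual form, and the failure branch would be better as a proper error response than `die("a death")`. These read as the added lines given the 6 → 33 count, though the rendered view drops the +/- markers; the `sha1` return at the top belongs to a function that starts outside the hunk, and `getGetID()` continues past it.
```php
function rndString($len = 8) {
    $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $clen = strlen($chars);

    $res = '';
    for ($i = 0; $i < $len; $i++) {
        $res .= $chars[random_int(0, $clen - 1)]; // CSPRNG (PHP >= 7.0) instead of rand()
    }

    return $res;
}

// … unchanged: getCRSFToken() …

function checkCRSFToken($id, $token) {
    $user = $this->getUserByID($id);
    if (!$user || !is_string($token) || !is_string($user->csrftoken)
        || !hash_equals($user->csrftoken, $token)) {
        die("a death");
    }
    // … unchanged: token rotation via getCRSFToken($id) …
}
```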
504,6 → 532,7 |
public $salt; |
public $emailAddress; |
public $name; |
public $csrftoken; |
|
public $challengeID; |
} |