| 356,10 → 356,10 |
|---|
| $user->accessID = $row['AccessID']; |
| $user->username = $row['Username']; |
| $user->password = $row['Password']; |
| $user->salt = $row['Salt']; |
| $user->emailAddress = $row['EmailAddress']; |
| $user->name = $row['Name']; |
| $user->csrftoken = $row['CSRFToken']; |
| $user->salt = $row['Salt']; |
| $user->challengeID = $row['ChallengeID']; |
| |
| return $user; |
| 476,6 → 476,33 |
|---|
| return sha1($salt . $pass); |
| } |
| |
| function rndString($len = 8) { |
| $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
| $clen = strlen($characters); |
| |
| $res = ''; |
| for ($i = $len - 1; $i >= 0; $i--) { |
| $res .= $chars[rand(0, clen - 1)]; |
| } |
| |
| return $res; |
| } |
| |
| function getCRSFToken($id) { |
| $token = $this->rndString(); |
| $this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
| return $token; |
| } |
| |
| function checkCRSFToken($id, $token) { |
| $user = $this->getUserByID($id); |
| if ($token !== $user->csrftoken) { |
| die("a death"); |
| } |
| |
| $this->getCRSFToken($id); // change to something else so we can't re-use it |
| } |
| |
| function getGetID() { |
| $id = $_GET['id']; |
| if (empty($id)) { |
| 502,9 → 529,9 |
|---|
| public $accessID; |
| public $username; |
| public $password; |
| public $salt; |
| public $emailAddress; |
| public $name; |
| public $salt; |
| public $csrftoken; |
| |
| public $challengeID; |