gnh1201/reasonableframework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update security.php

Browse Source
This commit is contained in:
Namhyeon Go 2018-02-13 15:20:00 +09:00 committed by GitHub
parent b89bcbeb5a
commit 7ceb893e04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
system/security.php
View File

@ -84,14 +84,16 @@ if(!function_exists("check_login_session")) {
function check_login_session($ss_key, $config) {
$flag = false;
$session_name = sha1($ss_key);
$session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . $session_name;
$session_stored_key = "";
if(file_exists($session_file)) {
$fh = fopen($session_file, 'r');
if($session_stored_key = fread($fh, filesize($session_file))) {
$flag = ($session_stored_key == $ss_key) ? true : false;
if(!check_token_abuse($session_stored_key, $session_name)) {
$flag = true;
}
}
}
@ -103,17 +105,15 @@ if(!function_exists("store_login_session")) {
function store_login_session($ss_key, $config) {
$flag = false;
$session_name = sha1($ss_key);
$session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . $session_name;
if(is_writable($session_file)) {
$fh = fopen($session_file, 'w');
if($fh) {
if(fwrite($fh, $session_name)) {
$flag = check_login_session($ss_key, $config);
}
@chmod($session_file, 600);
$fh = fopen($session_file, 'w');
if($fh !== false) {
if(fwrite($fh, $session_name)) {
$flag = check_login_session($ss_key, $config);
}
@chmod($session_file, 0777);
}
return $flag;
@ -167,10 +167,13 @@ if(!function_exists("check_empty_requests")) {
if(!function_exists("get_salt")) {
function get_salt() {
global $config;
$salt = "H6hclwzFplRQw39C";
if(!array_key_empty("salt", $config)) {
$salt = $config['salt'];
}
return $salt;
}
}
@ -180,6 +183,7 @@ if(!function_exists("get_password")) {
global $config;
$salt = get_salt();
$is_not_supported = false;
$plain_text = $text;
$hashed_text = "";