Update security.php

This commit is contained in:
Namhyeon Go 2018-02-13 15:20:00 +09:00 committed by GitHub
parent b89bcbeb5a
commit 7ceb893e04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -84,14 +84,16 @@ if(!function_exists("check_login_session")) {
function check_login_session($ss_key, $config) { function check_login_session($ss_key, $config) {
$flag = false; $flag = false;
$session_name = sha1($ss_key); $session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . $session_name; $session_file = $config['session_dir'] . '/' . $session_name;
$session_stored_key = ""; $session_stored_key = "";
if(file_exists($session_file)) { if(file_exists($session_file)) {
$fh = fopen($session_file, 'r'); $fh = fopen($session_file, 'r');
if($session_stored_key = fread($fh, filesize($session_file))) { if($session_stored_key = fread($fh, filesize($session_file))) {
$flag = ($session_stored_key == $ss_key) ? true : false; if(!check_token_abuse($session_stored_key, $session_name)) {
$flag = true;
}
} }
} }
@ -103,17 +105,15 @@ if(!function_exists("store_login_session")) {
function store_login_session($ss_key, $config) { function store_login_session($ss_key, $config) {
$flag = false; $flag = false;
$session_name = sha1($ss_key); $session_name = get_password($ss_key);
$session_file = $config['session_dir'] . '/' . $session_name; $session_file = $config['session_dir'] . '/' . $session_name;
if(is_writable($session_file)) { $fh = fopen($session_file, 'w');
$fh = fopen($session_file, 'w'); if($fh !== false) {
if($fh) { if(fwrite($fh, $session_name)) {
if(fwrite($fh, $session_name)) { $flag = check_login_session($ss_key, $config);
$flag = check_login_session($ss_key, $config);
}
@chmod($session_file, 600);
} }
@chmod($session_file, 0777);
} }
return $flag; return $flag;
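Review bot: The mode in `@chmod($session_file, 600);` is a decimal literal, and chmod() takes a raw integer mode: 600 decimal is 01130 octal, which clears the owner's read and write bits (and sets the sticky and execute bits) rather than restricting the file to owner read/write; it should be `@chmod($session_file, 0600);`. Because the chmod runs after the nested check_login_session() call has already read the file, the first login will appear to succeed, but later fopen() calls on the same session file will presumably fail unless the process runs as root. The handle returned by fopen() is also never closed, here and in check_login_session() in the hunk above; add `fclose($fh);` before the chmod so the write is flushed and the descriptor released. store_login_session()'s closing brace lies outside the hunk.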
@ -167,10 +167,13 @@ if(!function_exists("check_empty_requests")) {
if(!function_exists("get_salt")) { if(!function_exists("get_salt")) {
function get_salt() { function get_salt() {
global $config;
$salt = "H6hclwzFplRQw39C"; $salt = "H6hclwzFplRQw39C";
if(!array_key_empty("salt", $config)) { if(!array_key_empty("salt", $config)) {
$salt = $config['salt']; $salt = $config['salt'];
} }
return $salt; return $salt;
} }
} }
@ -180,6 +183,7 @@ if(!function_exists("get_password")) {
global $config; global $config;
$salt = get_salt(); $salt = get_salt();
$is_not_supported = false;
$plain_text = $text; $plain_text = $text;
$hashed_text = ""; $hashed_text = "";