gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-06-18 02:59:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash

Browse Source
This commit is contained in:
Uwe Steinmann 2022-11-02 09:00:01 +01:00
parent 68427394ae
commit f363e226fd
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
SeedDMS_Core/Core/inc.ClassDMS.php
View File

@ -2541,7 +2541,15 @@ class SeedDMS_Core_DMS {
* @return string|boolean hash value of false in case of an error
*/
function createPasswordRequest($user) { /* {{{ */
$hash = md5(uniqid(time()));
$lenght = 32;
if (function_exists("random_bytes")) {
$bytes = random_bytes(ceil($lenght / 2));
} elseif (function_exists("openssl_random_pseudo_bytes")) {
$bytes = openssl_random_pseudo_bytes(ceil($lenght / 2));
} else {
return false;
}
$hash = bin2hex($bytes);
$queryStr = "INSERT INTO `tblUserPasswordRequest` (`userID`, `hash`, `date`) VALUES (" . $user->getId() . ", " . $this->db->qstr($hash) .", ".$this->db->getCurrentDatetime().")";
$resArr = $this->db->getResult($queryStr);
if (is_bool($resArr) && !$resArr) return false;

1
SeedDMS_Core/package.xml
View File

@ -26,6 +26,7 @@
<notes>
- fix SeedDMS_Core_User::getDocumentContents()
- fix SeedDMS_Core_File::fileExtension()
- SeedDMS_Core_DMS::createPasswordRequest() creates a cryptographically secure hash
</notes>
<contents>
<dir baseinstalldir="SeedDMS" name="/">