Cutlery/beestat
1
0
Fork 0
mirror of https://github.com/beestat/app.git synced 2025-06-23 15:30:43 -04:00
Code Actions Packages Releases Activity

Fixed a couple of spots where random values were not using cryptographically-secure methods.

Browse Source
This commit is contained in:
Jon Ziebell 2022-01-08 15:48:32 -05:00
parent ee6a196a72
commit 14bed9c570
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/cora/session.php
View File

@ -250,7 +250,7 @@ final class session {
* @return string The generated session key. * @return string The generated session key.
*/ */
private function generate_session_key() { private function generate_session_key() {
return strtolower(sha1(uniqid(mt_rand(), true))); return bin2hex(random_bytes(20));
} }
/** /**

4
api/user.php
View File

@ -55,8 +55,8 @@ class user extends cora\crud {
* without having to spend the time creating an actual user. * without having to spend the time creating an actual user.
*/ */
public function create_anonymous_user() { public function create_anonymous_user() {
$username = strtolower(sha1(uniqid(mt_rand(), true))); $username = bin2hex(random_bytes(20));
$password = strtolower(sha1(uniqid(mt_rand(), true))); $password = bin2hex(random_bytes(20));
$user = $this->create([ $user = $this->create([
'username' => $username, 'username' => $username,
'password' => $password, 'password' => $password,