La Quadrature du Net
JabberService
Commit acc33c53 authored Aug 26, 2014 by Benjamin Sonntag
adding a tool to compute a hash for a mail + fixing csrf (for good)
parent 27ff9a47
Changes 3
my/dochangepass.php
...
...
@@ -25,8 +25,8 @@ $debug=false;
$fields
=
array
(
"csrf"
,
"id"
,
"key"
,
"pass1"
,
"pass2"
,
"url"
);
$found
=
0
;
foreach
(
$fields
as
$f
)
if
(
isset
(
$_POST
[
$f
]))
$found
++
;
$error
=
array
();
$info
=
array
();
if
(
!
count
(
$error
))
$error
=
array
();
if
(
!
count
(
$info
))
$info
=
array
();
if
(
$found
==
6
&&
$_POST
[
"url"
]
==
""
)
{
$_GET
[
"id"
]
=
$_POST
[
"id"
];
...
...
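Review bot: the new guards `if (!count($error)) $error=array();` and `if (!count($info)) $info=array();` call count() on variables that may not be defined at this point, which emits an undefined-variable notice and, on PHP 8, throws a TypeError from count(null). They also leave a non-array value in place if one was assigned earlier, so a later `$error[]=` would fail. If the intent is to keep messages that were set before this block, test for that directly: `if (!isset($error) || !is_array($error)) $error=array();`, and the same for `$info`.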
my/dolost.php
...
...
@@ -93,8 +93,9 @@ if (isset($_GET["id"]) && isset($_GET["key"])) {
if
(
$already
[
"disabledate"
]
!=
""
)
{
$error
[]
=
sprintf
(
_
(
"This account have been disabled. <a href=
\"
%s
\"
>Click here to restore it</a>."
),
"recover.php"
);
}
$key
=
substr
(
md5
(
$csrf_key
.
"-"
.
$already
[
"id"
]
.
"-"
.
$already
[
"jabberid"
]),
0
,
16
);
if
(
$key
!=
$_GET
[
"key"
])
{
$key
=
substr
(
md5
(
$csrf_key
.
"-"
.
$already
[
"id"
]
.
"-"
.
$already
[
"jabberid"
]
.
"-"
.
intval
(
time
()
/
14400
)
),
0
,
16
);
$key2
=
substr
(
md5
(
$csrf_key
.
"-"
.
$already
[
"id"
]
.
"-"
.
$already
[
"jabberid"
]
.
"-"
.
intval
((
time
()
-
14400
)
/
14400
)
),
0
,
16
);
if
(
$key
!=
$_GET
[
"key"
]
&&
$key2
!=
$_GET
[
"key"
])
{
$error
[]
=
_
(
"The provided key is incorrect, please check your mail or contact us."
);
}
if
(
count
(
$error
)
==
0
)
{
...
...
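Review bot: both checks in `if ($key!=$_GET["key"] && $key2!=$_GET["key"])` use loose `!=` on a 16-character hex string, so PHP compares numerically when both sides look like numbers (two values of the form `0e` followed by digits compare equal), and the comparison is not constant-time. Use `hash_equals()` for both checks, or at least `!==`, after confirming that `$_GET["key"]` is a string. Separately, `md5($csrf_key."-"...)` truncated by `substr(..., 0, 16)` is a secret-prefix MD5; `hash_hmac()` with SHA-256 keyed by `$csrf_key` is the sounder construction. A comment stating that accepting the current and the previous 14400-second bucket gives a key lifetime of between 4 and 8 hours would document the intent.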
tool_mail.php
0 → 100644
<?php
require_once
(
"my/config.php"
);
echo
"Hashed email value is :"
.
hashmail
(
$argv
[
1
])
.
"
\n
"
;
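Review bot: `$argv[1]` is read without checking that an argument was passed or that the script is running from the command line; the file is added at the repository root beside `my/`, so if that directory is served by the web server the tool is reachable over HTTP. Add a guard at the top, for example `if (php_sapi_name() !== 'cli' || $argc < 2)` followed by a usage message and `exit(1);`, and a short header comment saying what `hashmail()` (presumably defined through `my/config.php`) computes and what the output is used for.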