Commit acc33c53 authored by Benjamin Sonntag's avatar Benjamin Sonntag

adding a tool to compute a hash for a mail + fixing csrf (for good)

parent 27ff9a47
...@@ -25,8 +25,8 @@ $debug=false; ...@@ -25,8 +25,8 @@ $debug=false;
$fields=array("csrf","id","key","pass1","pass2","url"); $fields=array("csrf","id","key","pass1","pass2","url");
$found=0; $found=0;
foreach($fields as $f) if (isset($_POST[$f])) $found++; foreach($fields as $f) if (isset($_POST[$f])) $found++;
$error=array(); if (!count($error)) $error=array();
$info=array(); if (!count($info)) $info=array();
if ($found==6 && $_POST["url"]=="") { if ($found==6 && $_POST["url"]=="") {
$_GET["id"]=$_POST["id"]; $_GET["id"]=$_POST["id"];
......
...@@ -93,8 +93,9 @@ if (isset($_GET["id"]) && isset($_GET["key"])) { ...@@ -93,8 +93,9 @@ if (isset($_GET["id"]) && isset($_GET["key"])) {
if ($already["disabledate"]!="") { if ($already["disabledate"]!="") {
$error[]=sprintf(_("This account have been disabled. <a href=\"%s\">Click here to restore it</a>."),"recover.php"); $error[]=sprintf(_("This account have been disabled. <a href=\"%s\">Click here to restore it</a>."),"recover.php");
} }
$key=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]),0,16); $key=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval(time()/14400) ),0,16);
if ($key!=$_GET["key"]) { $key2=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval((time()-14400)/14400) ),0,16);
if ($key!=$_GET["key"] && $key2!=$_GET["key"]) {
$error[]=_("The provided key is incorrect, please check your mail or contact us."); $error[]=_("The provided key is incorrect, please check your mail or contact us.");
} }
if (count($error)==0) { if (count($error)==0) {
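Review bot: The check on the new `if ($key!=$_GET["key"] && $key2!=$_GET["key"])` line compares a truncated md5 hex string with user input using loose `!=`, so whenever a computed key happens to be a numeric string (for example `0e` followed by 14 digits) PHP compares numerically and an attacker-supplied `key=0` is accepted, and the byte-by-byte comparison also leaks timing. Replace it with `if (!hash_equals($key, (string)$_GET["key"]) && !hash_equals($key2, (string)$_GET["key"])) {`; the cast guards against a non-string `key` parameter and `hash_equals` is available from PHP 5.6. The 16-hex-character truncation leaves a 64-bit key, which is adequate for a link that expires within 4–8 hours, but if this is reworked `hash_hmac('sha256', ...)` with `$csrf_key` as the HMAC key would be the more conventional construction than a prefix-keyed md5. The enclosing `if (isset($_GET["id"]) && isset($_GET["key"]))` block starts before the hunk.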
......
<?php
require_once("my/config.php");
echo "Hashed email value is :".hashmail($argv[1])."\n";
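Review bot: `$argv[1]` on the `echo` line is used without checking that an argument was given, so running the tool with no argument emits an undefined-index warning and passes `null` to `hashmail()`; add `if (PHP_SAPI !== 'cli' || $argc < 2) { fwrite(STDERR, "usage: " . basename(__FILE__) . " <email>\n"); exit(1); }` before the `echo`. The SAPI check matters if this script ever ends up in a web-served directory: with `register_argc_argv` enabled, `$argv` is populated from the query string and the file becomes an unauthenticated web endpoint that computes the hash for any address. `hashmail()` is not defined in this commit and presumably comes from `my/config.php`, so what the printed value protects cannot be judged here.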