Commit acc33c53 authored by Benjamin Sonntag's avatar Benjamin Sonntag

adding a tool to compute a hash for a mail + fixing csrf (for good)

parent 27ff9a47
......@@ -25,8 +25,8 @@ $debug=false;
$fields=array("csrf","id","key","pass1","pass2","url");
$found=0;
foreach($fields as $f) if (isset($_POST[$f])) $found++;
$error=array();
$info=array();
if (!count($error)) $error=array();
if (!count($info)) $info=array();
if ($found==6 && $_POST["url"]=="") {
$_GET["id"]=$_POST["id"];
......
......@@ -93,8 +93,9 @@ if (isset($_GET["id"]) && isset($_GET["key"])) {
if ($already["disabledate"]!="") {
$error[]=sprintf(_("This account have been disabled. <a href=\"%s\">Click here to restore it</a>."),"recover.php");
}
$key=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]),0,16);
if ($key!=$_GET["key"]) {
$key=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval(time()/14400) ),0,16);
$key2=substr(md5($csrf_key."-".$already["id"]."-".$already["jabberid"]."-".intval((time()-14400)/14400) ),0,16);
if ($key!=$_GET["key"] && $key2!=$_GET["key"]) {
$error[]=_("The provided key is incorrect, please check your mail or contact us.");
}
if (count($error)==0) {
......
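Review bot: The key check in the second hunk (the lines that appear to be the new side, using `intval(time()/14400)`) compares with `!=`, which in PHP compares two numeric-looking strings as numbers and is not constant-time, so a value that is not byte-identical to the expected key can be accepted. `$_GET["key"]` is request input, so I would require a string and compare with `hash_equals()`, assuming PHP 5.6 or later: `if (!is_string($_GET["key"]) || (!hash_equals($key,$_GET["key"]) && !hash_equals($key2,$_GET["key"]))) {`. Separately, `substr(md5($csrf_key."-"...),0,16)` is a secret-prefix MD5 cut to 64 bits; `hash_hmac('sha256', ..., $csrf_key)` is the conventional construction, though switching presumably invalidates links already mailed. The enclosing `if (isset($_GET["id"]) && isset($_GET["key"]))` block starts and ends outside the hunk.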
<?php
require_once("my/config.php");
echo "Hashed email value is :".hashmail($argv[1])."\n";
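Review bot: The new script reads `$argv[1]` without checking that it runs from the command line or that an argument was supplied. The relative `require_once("my/config.php")` suggests it sits beside the web pages; if it is reachable over HTTP it runs outside its intended context and, depending on `register_argc_argv`, may return `hashmail()` output to any requester, and with no argument it hashes an undefined value with only a notice. I would open it with `if (PHP_SAPI !== 'cli') exit(1);` followed by `if ($argc < 2) { fwrite(STDERR, "usage: php <script> <email>\n"); exit(1); }`, or keep the file outside the document root. `hashmail()` is defined outside this page, so whether its output depends on a secret is not visible here.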