Pannous

Pannous Commit Details

Date:2020-11-27 12:00:44 (9 months 23 days ago)
Author:Grégory Soutadé
Branch:master
Commit:a09ad458fd5ef879858ef93e1b4b748f231d2a37
Parents: 5ab54b2af83e1abffe5f515f0afd1e8ff642cb24
Message:Store users salt as hexadecimal string, not raw bytes

Changes:
Mfuel/app/classes/model/lists.php (2 diffs)
Mfuel/app/classes/model/users.php (2 diffs)

File differences

fuel/app/classes/model/lists.php
314314
315315
316316
317
317
318318
319319
320320
......
410410
411411
412412
413
413
public function generateSubscribeToken($user)
{
$data = $this->email . $user->email . $user->salt;
$data = $this->email . $user->email . hex2bin($user->salt);
$result = openssl_digest ($data , "SHA256");
return $result;
}
}
?>
?>
fuel/app/classes/model/users.php
4747
4848
4949
50
51
50
51
5252
5353
5454
......
144144
145145
146146
147
148
147
149148
150149
151150
'salt' => array(
'data_type' => 'varchar',
'form' => array('type' => false),
'default' => '',
'validation' => array('max_length' => array(32)),
'default' => null,
'validation' => array('max_length' => array(64)),
),
'group' => array(
'data_type' => 'int',
);
$user = Model_Users::query()->where('email', $email)->get_one();
$salt = openssl_random_pseudo_bytes (32);
$user->set(array('salt' => $salt));
$salt = bin2hex(openssl_random_pseudo_bytes (32));
$user->salt = $salt;
return $user;

Archive Download the corresponding diff file

Branches