danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add stronger randomness on session key generation

Browse Source
This commit is contained in:
Daniel Winzen
2016-11-19 06:50:57 +01:00
parent 88a91658bb
commit bcc80c468d
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
chat.php
View File

@ -2246,7 +2246,11 @@ function write_new_session(){
// create new session // create new session
$stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE session=?;'); $stmt=$db->prepare('SELECT * FROM ' . PREFIX . 'sessions WHERE session=?;');
do{ do{
$U['session']=md5(time().mt_rand().$U['nickname']); if(function_exists('random_bytes')){
$U['session']=bin2hex(random_bytes(16));
}else{
$U['session']=md5(uniqid($U['nickname'], true).mt_rand());
}
$stmt->execute([$U['session']]); $stmt->execute([$U['session']]);
}while($stmt->fetch(PDO::FETCH_NUM)); // check for hash collision }while($stmt->fetch(PDO::FETCH_NUM)); // check for hash collision
if(isSet($_SERVER['HTTP_USER_AGENT'])){ if(isSet($_SERVER['HTTP_USER_AGENT'])){