[SECURITY] Better token generator

Sebastian Grewe 2013-12-30 12:15:36 +01:00
parent fad153728a
commit 2c18abf8be


@ -29,11 +29,11 @@ class Token Extends Base {
* @return mixed Token string on success, false on failure
**/
public function createToken($strType, $account_id=NULL) {
$strToken = hash('sha256', $account_id.$strType.microtime());
if (!$iToken_id = $this->tokentype->getTypeId($strType)) {
$this->setErrorMessage('Invalid token type: ' . $strType);
return false;
}
$strToken = bin2hex(openssl_random_pseudo_bytes(32));
$stmt = $this->mysqli->prepare("
INSERT INTO $this->table (token, type, account_id)
VALUES (?, ?, ?)
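Review bot: The result of `openssl_random_pseudo_bytes(32)` goes straight into `bin2hex()` with no check, so on PHP versions where the call returns false on failure the token would be an empty string, and that value would be inserted for the account. The call also omits the optional second out-parameter, which reports whether a cryptographically strong source was actually used. I would capture both and fail closed the same way the invalid-type branch does: `$strBytes = openssl_random_pseudo_bytes(32, $blnStrong);` followed by `if ($strBytes === false || !$blnStrong) { $this->setErrorMessage('Unable to generate secure token'); return false; }` and then `$strToken = bin2hex($strBytes);`. Where the deployment runs PHP 7 or later, `random_bytes(32)` is the simpler choice because it throws rather than degrading silently. The body of createToken continues past the end of this hunk, so whether the INSERT result is checked cannot be seen from here.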