Merge pull request #1167 from TheSerapher/issue-1158

[SECURITY] Better token generator
Sebastian Grewe 2013-12-30 03:16:58 -08:00
commit e56f8f9acc


@ -29,11 +29,11 @@ class Token Extends Base {
* @return mixed Token string on success, false on failure * @return mixed Token string on success, false on failure
**/ **/
public function createToken($strType, $account_id=NULL) { public function createToken($strType, $account_id=NULL) {
$strToken = hash('sha256', $account_id.$strType.microtime());
if (!$iToken_id = $this->tokentype->getTypeId($strType)) { if (!$iToken_id = $this->tokentype->getTypeId($strType)) {
$this->setErrorMessage('Invalid token type: ' . $strType); $this->setErrorMessage('Invalid token type: ' . $strType);
return false; return false;
} }
$strToken = bin2hex(openssl_random_pseudo_bytes(32));
$stmt = $this->mysqli->prepare(" $stmt = $this->mysqli->prepare("
INSERT INTO $this->table (token, type, account_id) INSERT INTO $this->table (token, type, account_id)
VALUES (?, ?, ?) VALUES (?, ?, ?)
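Review bot: The added `$strToken = bin2hex(openssl_random_pseudo_bytes(32));` uses the generator's result unchecked, so a failed call (a `false` return on the PHP versions current for this commit) would become an empty token string that the INSERT below then stores. The function also reports through its second by-reference argument whether a cryptographically strong source was used, and that flag is ignored here. I would split the line: `$bytes = openssl_random_pseudo_bytes(32, $blnStrong);` followed by `if ($bytes === false || !$blnStrong) { $this->setErrorMessage('Unable to generate a secure token'); return false; }` and then `$strToken = bin2hex($bytes);`. On PHP 7 and later `random_bytes(32)` is the simpler choice because it throws on failure. createToken's body continues past the end of this hunk.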