
feat: secure cookie login with password_hash
- use password_hash() and password_verify() to secure cookie login

Signed-off-by: SPC <[email protected]>
specialpointcentral committed Jan 4, 2025
1 parent 353a013 commit 27b6d6a
Showing 2 changed files with 30 additions and 38 deletions.
60 changes: 26 additions & 34 deletions include/functions.php
Expand Up @@ -1980,24 +1980,14 @@ function userlogin() {
do_log("$log, param not enough");
return $loginResult = false;
}
if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
//if (empty($_SESSION["s_secure_uid"]) || empty($_SESSION["s_secure_pass"]))
//return;
}

$b_id = base64($_COOKIE["c_secure_uid"],false);
$id = intval($b_id ?? 0);
if (!$id || !is_valid_id($id) || strlen($_COOKIE["c_secure_pass"]) != 32) {
if (!$id || !is_valid_id($id)) {
do_log("$log, invalid c_secure_uid");
return $loginResult = false;
}

if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
//if (strlen($_SESSION["s_secure_pass"]) != 32)
//return;
}

$res = sql_query("SELECT * FROM users WHERE users.id = ".sqlesc($id)." AND users.enabled='yes' AND users.status = 'confirmed' LIMIT 1");
$row = mysql_fetch_array($res);
if (!$row) {
Expand All @@ -2009,29 +1999,31 @@ function userlogin() {

//die(base64_decode($_COOKIE["c_secure_login"]));

if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
/**
* Not IP related
* @since 1.8.0
*/
// $md5 = md5($row["passhash"].$ip);
$md5 = md5($row["passhash"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, md5: $md5";
if ($_COOKIE["c_secure_pass"] != $md5) {
do_log("$log, c_secure_pass != md5");
$passh = base64_decode($_COOKIE["c_secure_pass"]);
$verify = password_verify($row["passhash"], $passh);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, password_hash: $passh";
if (!$verify) {
do_log("$log, password_verify fail!");
return $loginResult = false;
}
}
else
{
$md5 = md5($row["passhash"]);
$log .= "$log, passhash: {$row['passhash']}, md5: $md5";
if ($_COOKIE["c_secure_pass"] !== $md5) {
do_log("$log, c_secure_pass != md5");
}
else
{
$passh = base64_decode($_COOKIE["c_secure_pass"]);
$verify = password_verify($row["passhash"], $passh);
$log .= ", passhash: {$row['passhash']}, password_hash: $passh";
if (!$verify) {
do_log("$log, password_verify fail!");
return $loginResult = false;
}
}
}

if ($_COOKIE["c_secure_login"] == base64("yeah"))
{
Expand Down Expand Up @@ -3015,22 +3007,22 @@ function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff, $secu
if ($expires != 0x7fffffff)
$expires = time()+$expires;

setcookie("c_secure_uid", base64($id), $expires, "/", "", false, true);
setcookie("c_secure_pass", $passhash, $expires, "/", "", false, true);
setcookie("c_secure_uid", base64($id), $expires, "/", "", $ssl, true);
setcookie("c_secure_pass", $passhash, $expires, "/", "", $ssl, true);
if($ssl)
setcookie("c_secure_ssl", base64("yeah"), $expires, "/", "", false, true);
setcookie("c_secure_ssl", base64("yeah"), $expires, "/", "", $ssl, true);
else
setcookie("c_secure_ssl", base64("nope"), $expires, "/", "", false, true);
setcookie("c_secure_ssl", base64("nope"), $expires, "/", "", $ssl, true);

if($trackerssl)
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/", "", false, true);
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/", "", $ssl, true);
else
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/", "", false, true);
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/", "", $ssl, true);

if ($securelogin)
setcookie("c_secure_login", base64("yeah"), $expires, "/", "", false, true);
setcookie("c_secure_login", base64("yeah"), $expires, "/", "", $ssl, true);
else
setcookie("c_secure_login", base64("nope"), $expires, "/", "", false, true);
setcookie("c_secure_login", base64("nope"), $expires, "/", "", $ssl, true);


if ($updatedb)
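Review bot: `base64_decode($_COOKIE["c_secure_pass"])` at L63 and again at L80 takes the cookie without checking that it is set or well-formed, and the former `strlen(...) != 32` gate dropped at L31 has no replacement, so an absent or garbage cookie now flows straight into `password_verify()` (which rejects it, but only after an undefined-index warning on newer PHP and without a log line naming the cause). I would decode strictly and fail closed: `$passh = base64_decode($_COOKIE["c_secure_pass"] ?? '', true);` followed by `if ($passh === false) { do_log("$log, malformed c_secure_pass"); return $loginResult = false; }`. The two branches of the `if` at L52 are now identical apart from the log text, so the decode/verify pair can be hoisted above the branch and written once. Separately, `password_verify()` performs a bcrypt computation on every request that carries the cookie, and the log line writes the cookie's full bearer value (`password_hash: $passh`); if userlogin() runs on each page load (not visible here) that is a noticeable per-request cost, and the logged value lets anyone who reads the log replay the login, so consider logging only a short prefix. userlogin() starts before and continues past this hunk.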
8 changes: 4 additions & 4 deletions public/takelogin.php
Expand Up @@ -52,14 +52,14 @@ function bark($text = "")
* @since 1.8.0
*/
// $passh = md5($row["passhash"].$ip);
$passh = md5($row["passhash"]);
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, md5: $passh";
$passh = base64_encode(password_hash($row["passhash"], PASSWORD_DEFAULT));
$log .= ", secure login == yeah, passhash: {$row['passhash']}, ip: $ip, password_hash: $passh";
}
else
{
$securelogin_indentity_cookie = false;
$passh = md5($row["passhash"]);
$log .= ", passhash: {$row['passhash']}, md5: $passh";
$passh = base64_encode(password_hash($row["passhash"], PASSWORD_DEFAULT));
$log .= ", passhash: {$row['passhash']}, password_hash: $passh";
}

if ($securelogin=='yes' || (isset($_POST["ssl"]) && $_POST["ssl"] == "yes"))
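Review bot: Both branches compute the same `$passh = base64_encode(password_hash($row["passhash"], PASSWORD_DEFAULT));` (L132 and L140) and differ only in the log text, so the cookie derivation should be hoisted above the `if` and live in one place, with the branches keeping just their `$log .=` lines. `PASSWORD_DEFAULT` is bcrypt, which hashes only the first 72 bytes of its input; whether `passhash` can exceed that is not visible here, so a comment stating its length (or a check) would remove the doubt. The hoisted line also deserves a why-comment, e.g. `// cookie carries bcrypt(passhash) with a random salt, so it no longer exposes a deterministic md5 of the stored hash; anyone holding passhash can still mint a valid cookie, so this does not change what a DB leak yields`. The enclosing if/else starts before this hunk.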
