From 1460c93d119b45dd6605c176b5e9ea3d860e3146 Mon Sep 17 00:00:00 2001
From: SilicaAndPina
Date: Wed, 19 May 2021 12:49:47 +1200
Subject: [PATCH] make hmac cross site login more secure
---
 WebInterface/master-site/account.php | 2 +-
 WebInterface/master-site/joinserver.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/WebInterface/master-site/account.php b/WebInterface/master-site/account.php
index 0288388..4d686bc 100755
--- a/WebInterface/master-site/account.php
+++ b/WebInterface/master-site/account.php
@@ -51,7 +51,7 @@ if(isset($_GET['CONNECT'])) {
 $playerId = $_SESSION['PLAYER_ID'];
- $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin");
+ $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
 $redirectUrl = $server['site'];
 if(!endsWith($redirectUrl, '/'))
diff --git a/WebInterface/master-site/joinserver.php b/WebInterface/master-site/joinserver.php
index 58b0b17..8651a0e 100644
--- a/WebInterface/master-site/joinserver.php
+++ b/WebInterface/master-site/joinserver.php
@@ -18,7 +18,7 @@ if(isset($_GET['SERVER'])) {
 createAccountOnServer($server['database']);
- $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin");
+ $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
 $redirectUrl = $server['site'];
 if(!endsWith($redirectUrl, '/'))
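Review bot: `date('m/d/Y')` in the key of the new `hash_hmac()` call ties the token to a calendar day rather than to a lifetime: a token stays usable until midnight, and one issued just before midnight is rejected just after it (or earlier, if the two hosts run with different PHP timezones). Signing an explicit issue time and having the receiving site enforce a short maximum age would be tighter, e.g. `$ts = time();` and `$hmac = hash_hmac('sha256', $playerId.'|'.$ts.'|'.$_SERVER['REMOTE_ADDR'], $hmac_secret."CrossSiteLogin");`, with `$ts` passed along in the redirect. The same line is added in joinserver.php and needs the same change; the verifying code is not part of this patch, so it presumably needs a matching update. The `if(isset($_GET['CONNECT']))` block continues past the end of the hunk.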
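Review bot: Binding the token to `$_SERVER['REMOTE_ADDR']` assumes the master site and the game-server site see the same client address, and nothing at this line records that assumption. Behind a shared reverse proxy both would see the proxy's address, so the binding adds nothing, and a dual-stack client may reach the two hosts over different address families and fail to log in. A comment such as `// token is bound to REMOTE_ADDR: both sites must see the real client IP` would help, and since the derivation is now repeated verbatim here and in account.php, a small shared helper would keep the copies and the verifier from drifting apart. The enclosing `if(isset($_GET['SERVER']))` block extends beyond the hunk.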