IsleHorse/HISP
1
0
Fork 0
mirror of https://github.com/islehorse/HISP.git synced 2025-04-10 07:05:41 +12:00
Code Issues Projects Releases Packages Wiki Activity Actions

make hmac cross site login more secure

Browse source
This commit is contained in:
SilicaAndPina 2021-05-19 12:49:47 +12:00
parent b2ce6be543
commit 1460c93d11
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
WebInterface/master-site/account.php
View file

@ -51,7 +51,7 @@ if(isset($_GET['CONNECT']))
{ {
$playerId = $_SESSION['PLAYER_ID']; $playerId = $_SESSION['PLAYER_ID'];
$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin"); $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
$redirectUrl = $server['site']; $redirectUrl = $server['site'];
if(!endsWith($redirectUrl, '/')) if(!endsWith($redirectUrl, '/'))

2
WebInterface/master-site/joinserver.php
View file

@ -18,7 +18,7 @@ if(isset($_GET['SERVER']))
{ {
createAccountOnServer($server['database']); createAccountOnServer($server['database']);
$hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin"); $hmac = hash_hmac('sha256', (string)$playerId, $hmac_secret."CrossSiteLogin".$_SERVER['REMOTE_ADDR'].date('m/d/Y'));
$redirectUrl = $server['site']; $redirectUrl = $server['site'];
if(!endsWith($redirectUrl, '/')) if(!endsWith($redirectUrl, '/'))