/**
 * Return the CSRF token for the current request.
 *
 * A token already carried by the `csrf_token` cookie (at least 8 bytes long)
 * is reused as-is. Otherwise a token is generated once per request, kept in a
 * static local so repeated calls agree, and pushed to the client as an
 * HttpOnly cookie scoped to the application root; the `secure` flag follows
 * the `force_https` configuration value.
 *
 * NOTE(review): the cookie value is client-supplied and only its length is
 * checked here — any caller that embeds the returned value in HTML or SQL
 * must escape it for that context.
 *
 * @return string
 */
function csrf_token()
{
    $fromCookie = $_COOKIE['csrf_token'] ?? '';
    if (strlen($fromCookie) >= 8) {
        return $fromCookie;
    }

    static $issued = null;
    if ($issued !== null) {
        return $issued;
    }

    $issued = gen_token();
    // Lifetime of roughly ten years (10 * 360 days), as in the original.
    $expires = time() + 10 * 360 * 24 * 60 * 60;
    setcookie(
        'csrf_token',
        $issued,
        $expires,
        root_path(),
        false,
        \bmtmgr\config\get('force_https', false),
        true
    );

    return $issued;
}
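<?php

include_once 'lib.php';
set_path();
force_ssl();
session_start();
$login_failed = false;
if (!($db = db_connect())) {
    echo "Database error<br>";
    exit;
}
// NOTE(review): $pwd and $salt are not defined in this script; they must be
// provided by lib.php or an earlier include — confirm before trusting $hashed.
$hashed = crypt($pwd, '$6$' . $salt);
// TODO(review): this SELECT has no `?` placeholders, yet two values are bound
// below, so bind_param() cannot succeed (PHP 8 throws ArgumentCountError).
// The intended WHERE clause and its column names are not visible here.
$query = 'select user_id from user';
$stmt = $db->prepare($query);
if ($stmt === false) {
    echo "Database error<br>";
    exit;
}
$stmt->bind_param('ss', $username, $hashed);
$stmt->execute();
$stmt->store_result();
$num_rows = $stmt->num_rows;
if ($num_rows > 0) {
    $stmt->bind_result($user_id);
    // Prepare the update once, with bound parameters instead of interpolating
    // $selector and $user_id into the SQL text. bind_param() binds by
    // reference, so the values current at execute() time are the ones sent.
    $q = 'update user set selector = ? where user_id = ?';
    $stmt2 = $db->prepare($q);
    if ($stmt2 === false) {
        echo "Database error<br>";
        exit;
    }
    $selector = '';
    $stmt2->bind_param('si', $selector, $user_id);
    while ($stmt->fetch()) {
        $selector = gen_token(6);
        echo $selector . "<br>";
        // Dry run: the update stays disabled, as in the original script.
        //$stmt2->execute();
    }
    $stmt2->close();
}
$stmt->close();
$db->close();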
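/**
 * Persist a submitted application form as a JSON file under the position's
 * `apps/` directory.
 *
 * The form layout is read from `format.txt` in `$p->pdir`, one field per
 * line (`label:...`); a line reading `hr` (any case) becomes a horizontal
 * rule and does not consume a field index. Field values are read from
 * `$_REQUEST['apply-<index>']` and passed through xssafe() before storage.
 *
 * The file name is `<app_id>-<title>-<created>-<sha1(email)>.json`. The title
 * is urlencoded, with `.` and `-` additionally encoded so it can neither form
 * `..` path segments nor collide with the `-` separators.
 *
 * @param object $p position descriptor; only `$p->pdir` is used (a directory
 *                  path with trailing slash, as the concatenation assumes)
 * @return void
 * @throws \RuntimeException when the target directory cannot be created or
 *                           the JSON cannot be encoded or written
 */
function app_submit($p)
{
    $lines = line_split(get_content($p->pdir, 'format.txt'));
    $gen = [];
    $i = 0;
    foreach ($lines as $line) {
        if (strtolower($line) === 'hr') {
            $gen[] = ['rawhtml', '<hr/>'];
            continue;
        }
        $label = trim(from(explode(':', $line), 1));
        $value = xssafe(from($_REQUEST, 'apply-' . $i));
        $gen[] = ['item', $label, $value];
        $i++;
    }

    $app_id = gen_token(8);
    $email = user_email();
    // One timestamp so created and lastmod agree on a fresh application.
    $now = time();
    $json = [
        'app_id' => $app_id,
        'app_title' => from($_REQUEST, 'apply-title'),
        'gen' => $gen,
        'notes' => [],
        'votes' => ['yes' => [], 'no' => []],
        'created' => $now,
        'lastmod' => $now,
        'applicant' => $email,
    ];

    // urlencode() leaves '.' and '-' untouched; encode them too so the title
    // cannot yield '..' segments or extra '-' separators in the file name.
    $title_encoded = strtr(urlencode($json['app_title']), ['.' => '%2E', '-' => '%2D']);
    $file = $p->pdir . 'apps/' . POS_LABEL . '/' . $app_id . '-' . $title_encoded . '-' . $json['created'] . '-' . sha1($email) . '.json';

    // NOTE(review): 0777 (world-writable) is kept from the original; if the
    // web server user owns this tree, 0750 for the directory and 0640 for the
    // file would suffice — confirm against the deployment before tightening.
    $dir = dirname($file);
    if (!is_dir($dir) && !mkdir($dir, 0777, true) && !is_dir($dir)) {
        throw new \RuntimeException("Unable to create directory {$dir}");
    }

    $encoded = json_encode($json, JSON_PRETTY_PRINT);
    if ($encoded === false) {
        throw new \RuntimeException('Unable to encode application as JSON: ' . json_last_error_msg());
    }
    // Fail loudly rather than silently losing the submitted application.
    if (file_put_contents($file, $encoded) === false) {
        throw new \RuntimeException("Unable to write application file {$file}");
    }
    chmod($file, 0777);
}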
    ?>
    <div class="error-msg">
        <p><?php 
    echo $_SESSION['error'];
    ?>
</p>
    </div>
<?php 
    unset($_SESSION['error']);
}
?>
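    <form action="" method="post">
        <div class="field">
            <label for="username">Usuário</label>
            <input type="text" name="username" id="username" autocomplete="on">
        </div>

        <div class="field">
            <label for="password">Senha</label>
            <input type="password" name="password" id="password" autocomplete="off">
        </div>

        <?php
        // The token is escaped for the attribute context: gen_token() is
        // expected to return plain ASCII, but that guarantee is not visible here.
        // NOTE(review): the token is generated at render time; to work as a CSRF
        // check it must also be stored server-side (e.g. in the session) and
        // compared on submit — confirm the form handler does this.
        ?>
        <input type="hidden" name="token" value="<?php echo htmlspecialchars(gen_token(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
        <input type="submit" value="Log in" name="submit">
    </form>
</body>
</html>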
 $stmt = $db->prepare($query);
 $stmt->bind_param('ss', $username, $hashed);
 $stmt->execute();
 $stmt->store_result();
 $num_rows = $stmt->num_rows;
 if ($num_rows > 0) {
     $stmt->bind_result($user_id, $selector);
     $stmt->fetch();
     $_SESSION['valid_user'] = $username;
     $_SESSION['user_id'] = $user_id;
     /******* COOKIE STUFF *********/
     if (isset($_POST['rememberMe'])) {
         $rememberMe = input_clean($_POST['rememberMe']);
         if (input_clean($_POST['rememberMe']) == 'yes') {
             $exp = time() + 86400 * 30;
             $token = gen_token();
             /**/
             setcookie("selector", $selector, $exp);
             setcookie("token", $token, $exp);
             setcookie("active", true, $exp);
             /**/
             $hToken = crypt($token, "\$5\$");
             $updateToken = "Update user set token='{$hToken}' where user_id={$user_id}";
             $st = $db->prepare($updateToken);
             if (!$st->execute()) {
                 echo "<br><br><br>Error";
                 exit;
             }
             $st->close();
         }
     }
<?php

/**
 * session token collision test script
 */
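/**
 * Generate a random alphanumeric token.
 *
 * Characters are drawn uniformly from [a-zA-Z0-9] with random_int(), which is
 * backed by the platform CSPRNG, instead of mt_rand(): a token used for
 * session or CSRF purposes must not be predictable from earlier outputs.
 *
 * @param int $token_len number of characters to produce (default 5, as before)
 * @return string
 */
function gen_token(int $token_len = 5)
{
    $chars = array_merge(range("z", "a"), range("Z", "A"), range("0", "9"));
    // Highest valid index, computed once so count() is not called per iteration.
    $chars_len = count($chars) - 1;
    $token = "";
    for ($i = 0; $i < $token_len; $i++) {
        $token .= $chars[random_int(0, $chars_len)];
    }
    return $token;
}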
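// Collision probe: keep drawing tokens until one repeats the first draw or the
// attempt budget is exhausted. Every miss is echoed, so this can print up to
// one million lines.
$origin = gen_token();
$max_attempts = 1000000;
$i = 0;
while (($current = gen_token()) !== $origin && $i < $max_attempts) {
    echo "Failed! at attempt #" . $i++ . "\n";
}
// Strict comparison, matching the `!==` in the loop condition: with `==`, two
// numeric-looking tokens such as "1e000" and "00001" would compare equal.
if ($origin === $current) {
    print "Script terminated, success with {$i} attempts\n";
} else {
    print "Script terminated, failed with {$i} attempts\n Origin: {$origin} \n Current: {$current}";
}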