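--- a/inc/token.inc.php
+++ b/inc/token.inc.php
@@ -232,6 +232,7 @@ function rg_token_get($db, $rg, $tag)
 if ($sign_key === FALSE)
 break;
 
+// Add a random string to protect against BREACH attack
 $rand = rg_id(16);
 $data = $rand . $rg['sid'] . $rg['ua'] . $tag;
 $sign = hash_hmac('sha512', $data, $sign_key);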
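Review bot: The new comment above `$rand = rg_id(16);` names the attack but not the property the code relies on, so a later edit could remove that property without noticing. I would word it as `// Per-token random prefix: the token differs on every response, so a compression side channel (BREACH) cannot recover it incrementally`. That only holds if `rg_id()` draws from a CSPRNG and `$rand` is emitted alongside `$sign`; neither is visible in this hunk, and `rg_token_get` starts and ends outside it. Separately, the fields on the `$data` line are concatenated without a delimiter, so the HMAC does not fix the boundary between the client-supplied `$rg['ua']` and `$tag`; joining them with a separator or length prefixes would remove that ambiguity.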
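--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -839,8 +839,9 @@ function rg_user_set_session_cookie($db, $uid, $sess_time, $lock_ip)
 rg_sess_add($db, $uid, $sid, $sess_time, $lock_ip);
 else
 $sid = "X" . $sid;
-setcookie("sid", $sid, 0, "/", $_SERVER['SERVER_NAME'],
-$secure, TRUE /* httponly */);
+if (isset($_SERVER['SERVER_NAME']))
+setcookie('sid', $sid, 0, '/', $_SERVER['SERVER_NAME'],
+$secure, TRUE /*httponly*/);
 
 rg_log_exit();
 return $sid;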
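Review bot: When `$_SERVER['SERVER_NAME']` is unset, the new `if (isset($_SERVER['SERVER_NAME']))` guard skips `setcookie()` silently, yet `$sid` is still returned and, on the branch that calls `rg_sess_add()`, the session has already been stored. The caller therefore cannot tell that no cookie was sent. Passing an explicit domain also makes this a domain cookie that is sent to subdomains, and depending on server configuration `SERVER_NAME` can reflect the client's Host header. A host-only cookie avoids both problems and needs no guard: `setcookie('sid', $sid, 0, '/', '', $secure, TRUE /*httponly*/);`. The start of `rg_user_set_session_cookie` is outside this hunk, so how `$secure` is derived could not be checked here.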