mirror of https://github.com/MISP/MISP
improved password generation algorithm in reset password
parent
3ef36db5bf
commit
7949181fbc
|
@ -624,7 +624,7 @@ class UsersController extends AppController {
|
|||
$recipients[0] = $emails[$this->request->data['User']['recipientEmailList']];
|
||||
$recipientGPG[0] = $gpgKeys[$this->request->data['User']['recipientEmailList']];
|
||||
if ($this->request->data['User']['action'] == '1') {
|
||||
$password = $this->__randomPassword();
|
||||
$password = $this->User->generateRandomPassword();
|
||||
$message[0] = $message1 . "\n\nYour temporary password: " . $password . $message2;
|
||||
$recipientPass[0] = $password;
|
||||
} else {
|
||||
|
@ -637,7 +637,7 @@ class UsersController extends AppController {
|
|||
$recipients[0] = $this->request->data['User']['recipientEmail'];
|
||||
$recipientGPG[0] = $this->request->data['User']['gpg'];
|
||||
if ($this->request->data['User']['action'] == '1') {
|
||||
$password = $this->__randomPassword();
|
||||
$password = $this->User->generateRandomPassword();
|
||||
$message[0] = $message1 . "\n\nYour temporary password: " . $password . $message2;
|
||||
$recipientPass[0] = $password;
|
||||
} else {
|
||||
|
@ -697,15 +697,4 @@ class UsersController extends AppController {
|
|||
// User didn't see the contact form yet. Present it to him.
|
||||
}
|
||||
|
||||
private function __randomPassword() {
|
||||
$alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
|
||||
$pass = array();
|
||||
$alphaLength = strlen($alphabet) - 1;
|
||||
for ($i = 0; $i < 8; $i++) {
|
||||
$n = rand(0, $alphaLength);
|
||||
$pass[] = $alphabet[$n];
|
||||
}
|
||||
return implode($pass);
|
||||
}
|
||||
|
||||
}
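Review bot: Both new call sites, `$password = $this->User->generateRandomPassword();` in the two `action == '1'` branches, call a method that this same commit declares as `private function generateRandomPassword()` on the User model. A private method is not callable from UsersController, so the reset path will not reach the generator as written; in a CakePHP model the call would presumably fall through to the model's magic method handling rather than fail cleanly. Declaring it `public function generateRandomPassword()` in the model fixes this. The enclosing controller action starts and ends outside the hunks shown, so how the temporary password is protected in the outgoing mail cannot be judged from here.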
|
||||
|
|
|
@ -316,7 +316,6 @@ class User extends AppModel {
|
|||
* Generates an authentication key for each user
|
||||
*/
|
||||
public function generateAuthKey() {
|
||||
//$key = sha1(mt_rand(30, 30).time());
|
||||
$length = 40;
|
||||
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
$charLen = strlen($characters) - 1;
|
||||
|
@ -324,10 +323,21 @@ class User extends AppModel {
|
|||
for ($p = 0; $p < $length; $p++) {
|
||||
$key .= $characters[rand(0, $charLen)];
|
||||
}
|
||||
|
||||
return $key;
|
||||
}
|
||||
|
||||
private function generateRandomPassword() {
|
||||
$length = 12;
|
||||
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-+=!@#$%&*()<>/?';
|
||||
$charLen = strlen($characters) - 1;
|
||||
$key = '';
|
||||
for ($p = 0; $p < $length; $p++) {
|
||||
$key .= $characters[rand(0, $charLen)];
|
||||
}
|
||||
return $key;
|
||||
}
|
||||
|
||||
|
||||
public function checkAndCorrectPgps() {
|
||||
$fails = array();
|
||||
$users = $this->find('all', array('recursive' => 0));
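Review bot: The new `generateRandomPassword()` picks every character with `rand(0, $charLen)`, which is not a cryptographically secure generator, so the longer length and wider alphabet do not by themselves make the temporary password unpredictable. Draw from a CSPRNG instead, for example `$key .= $characters[random_int(0, $charLen)];` on PHP 7 or later, or an equivalent built on `openssl_random_pseudo_bytes()` on older runtimes. The context line in `generateAuthKey()` uses the same `rand()` call and deserves the same change, since its doc comment describes the result as a per-user authentication key. A short docblock on the new method stating the length, the alphabet and that the value is a one-time reset password would also help the next reader.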
|
||||
|
|