improved password generation algorithm in reset password

pull/217/head
Christophe Vandeplas 2013-07-11 14:26:28 +02:00
parent 3ef36db5bf
commit 7949181fbc
2 changed files with 14 additions and 15 deletions


@ -624,7 +624,7 @@ class UsersController extends AppController {
$recipients[0] = $emails[$this->request->data['User']['recipientEmailList']];
$recipientGPG[0] = $gpgKeys[$this->request->data['User']['recipientEmailList']];
if ($this->request->data['User']['action'] == '1') {
$password = $this->__randomPassword();
$password = $this->User->generateRandomPassword();
$message[0] = $message1 . "\n\nYour temporary password: " . $password . $message2;
$recipientPass[0] = $password;
} else {
@ -637,7 +637,7 @@ class UsersController extends AppController {
$recipients[0] = $this->request->data['User']['recipientEmail'];
$recipientGPG[0] = $this->request->data['User']['gpg'];
if ($this->request->data['User']['action'] == '1') {
$password = $this->__randomPassword();
$password = $this->User->generateRandomPassword();
$message[0] = $message1 . "\n\nYour temporary password: " . $password . $message2;
$recipientPass[0] = $password;
} else {
@ -697,15 +697,4 @@ class UsersController extends AppController {
// User didn't see the contact form yet. Present it to him.
}
private function __randomPassword() {
$alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ0123456789";
$pass = array();
$alphaLength = strlen($alphabet) - 1;
for ($i = 0; $i < 8; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass);
}
}
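Review bot: The new call `$this->User->generateRandomPassword()` in both reset branches targets a method that the User model, in this same commit, declares as `private function generateRandomPassword()`, so it is invoked from outside the class that owns it. Depending on how the model base class handles inaccessible methods, the call either fails outright or is routed through a magic `__call` handler; in neither case does it return a password. Declaring it as `public function generateRandomPassword()` in the model makes the controller call valid. The enclosing controller action begins above the first hunk, so how `$password` is used beyond these lines is not visible here.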


@ -316,7 +316,6 @@ class User extends AppModel {
* Generates an authentication key for each user
*/
public function generateAuthKey() {
//$key = sha1(mt_rand(30, 30).time());
$length = 40;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charLen = strlen($characters) - 1;
@ -324,10 +323,21 @@ class User extends AppModel {
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $charLen)];
}
return $key;
}
private function generateRandomPassword() {
$length = 12;
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-+=!@#$%&*()<>/?';
$charLen = strlen($characters) - 1;
$key = '';
for ($p = 0; $p < $length; $p++) {
$key .= $characters[rand(0, $charLen)];
}
return $key;
}
public function checkAndCorrectPgps() {
$fails = array();
$users = $this->find('all', array('recursive' => 0));
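Review bot: `generateRandomPassword()` still picks each character with `rand()`, which is not a cryptographically secure generator, so the temporary password is only as unpredictable as PHP's seeded PRNG state. The longer length and wider symbol set add little if the output sequence can be predicted. Draw the index from a CSPRNG instead, e.g. `$key .= $characters[random_int(0, $charLen)];` on PHP 7+, or on older runtimes an index derived from `openssl_random_pseudo_bytes()` with out-of-range values rejected. The same applies to `generateAuthKey()` in the context lines above, which builds the per-user authentication key with the same `rand()` loop.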