Authenticate email login using changing keys

Retro_Guy 2021-06-11 07:50:54 +00:00
parent 44c32c218c
commit 662046f50f
2 changed files with 32 additions and 2 deletions


@ -10,6 +10,9 @@ include "newsportal.php";
$offset=$CONFIG['timezone']; $offset=$CONFIG['timezone'];
} }
$keyfile = $spooldir.'/keys.dat';
$keys = unserialize(file_get_contents($keyfile));
include "head.inc"; include "head.inc";
// How long should cookie allow user to stay logged in? // How long should cookie allow user to stay logged in?
@ -20,11 +23,11 @@ include "head.inc";
$_POST['username'] = $_COOKIE['mail_name']; $_POST['username'] = $_COOKIE['mail_name'];
} }
$name = $_POST['username']; $name = $_POST['username'];
if(password_verify($_POST['username'].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth'])) { if((password_verify($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth'])) || (password_verify($_POST['username'].$keys[1].get_user_config($_POST['username'],'encryptionkey'), $_COOKIE['auth']))) {
$logged_in = true; $logged_in = true;
} else { } else {
if(check_bbs_auth($_POST['username'], $_POST['password'])) { if(check_bbs_auth($_POST['username'], $_POST['password'])) {
$authkey = password_hash($_POST['username'].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT); $authkey = password_hash($_POST['username'].$keys[0].get_user_config($_POST['username'],'encryptionkey'), PASSWORD_DEFAULT);
?> ?>
<script type="text/javascript"> <script type="text/javascript">
if (navigator.cookieEnabled) if (navigator.cookieEnabled)
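Review bot: The added `$keys = unserialize(file_get_contents($keyfile));` has no failure path: when keys.dat is missing, unreadable or half-written, `$keys` is `false`, `$keys[0]` and `$keys[1]` concatenate as empty strings, and both the cookie check and the new `password_hash` call silently revert to the old keyless `username.encryptionkey` value. Validate the result before the cookie branch and skip cookie login when it fails, e.g. `$keys_ok = is_array($keys) && !empty($keys[0]) && !empty($keys[1]);` with `$keys_ok &&` in front of the two `password_verify` calls; on PHP 7+ passing `['allowed_classes' => false]` as the second argument to `unserialize` keeps a tampered spool file from instantiating objects. Separately, `PASSWORD_DEFAULT` is currently bcrypt, which hashes only the first 72 bytes of its input, so with a 60-character key inserted after the username most of the per-user `encryptionkey` no longer influences the hash, and a long username crowds out the key as well. A keyed `hash_hmac('sha256', ...)` using `$keys[0]`, compared with `hash_equals`, does not have that limit. The if/else this check belongs to continues past the end of the hunk.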


@ -67,6 +67,9 @@ foreach($menulist as $menu) {
# Rotate log files # Rotate log files
log_rotate(); log_rotate();
echo "Log files rotated\n"; echo "Log files rotated\n";
# Rotate keys
rotate_keys();
echo "Keys rotated\n";
function log_rotate() { function log_rotate() {
global $logdir; global $logdir;
@ -91,6 +94,30 @@ function log_rotate() {
} }
} }
function rotate_keys() {
global $spooldir;
$keyfile = $spooldir.'/keys.dat';
$newkeys = array();
if(filemtime($keyfile)+14400 > time()) {
return;
} else {
$new = true;
if(is_file($keyfile)) {
$keys = unserialize(file_get_contents($keyfile));
$new = false;
}
if($new !== true) {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = $keys[0];
} else {
$newkeys[0] = base64_encode(openssl_random_pseudo_bytes(44));
$newkeys[1] = base64_encode(openssl_random_pseudo_bytes(44));
}
}
file_put_contents($keyfile, serialize($newkeys));
touch($keyfile);
}
function change_identity( $uid, $gid ) function change_identity( $uid, $gid )
{ {
if( !posix_setgid( $gid ) ) if( !posix_setgid( $gid ) )
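Review bot: `rotate_keys()` rewrites keys.dat in place with `file_put_contents`, so a login request that reads the file during the write can see an empty or partial file; writing to a temporary file and `rename()`-ing it over keys.dat closes that window. The function also calls `filemtime($keyfile)` before the `is_file()` test, which raises a warning on the first run, and it copies `$keys[0]` into `$newkeys[1]` without checking that `unserialize` returned an array. On PHP 7 or later `random_bytes()` is the preferred source for key material over `openssl_random_pseudo_bytes()`. The file holds the secret behind every login cookie, so its mode should exclude other local accounts while staying readable by the web process; the page does not show which umask or user the cron job runs under. The caller in the first hunk prints "Keys rotated" even when the function returns early or the write fails.

```php
function rotate_keys() {
  global $spooldir;
  $keyfile = $spooldir.'/keys.dat';
  $keys = false;
  if(is_file($keyfile)) {
    // Existence is tested first so filemtime() never runs on a missing file.
    if(filemtime($keyfile)+14400 > time()) {
      return;
    }
    $keys = unserialize(file_get_contents($keyfile), ['allowed_classes' => false]);
  }
  $newkeys = array();
  $newkeys[0] = base64_encode(random_bytes(44));
  // Carry the previous key forward only if the old file parsed cleanly.
  if(is_array($keys) && isset($keys[0]) && is_string($keys[0]) && $keys[0] !== '') {
    $newkeys[1] = $keys[0];
  } else {
    $newkeys[1] = base64_encode(random_bytes(44));
  }
  // Write beside the target, then rename, so readers never see a partial file.
  $tmpfile = $keyfile.'.tmp';
  if(file_put_contents($tmpfile, serialize($newkeys), LOCK_EX) === false
     || !rename($tmpfile, $keyfile)) {
    // … report the failure to the caller instead of leaving a stale or missing key file …
  }
}
```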