diff options
| author | nashe <contact@nashe.fr> | 2015-08-04 17:11:23 +0200 |
|---|---|---|
| committer | nashe <contact@nashe.fr> | 2015-08-04 17:11:23 +0200 |
| commit | cb5e73816fa0308b22c7274509b23059ce1d5eda (patch) | |
| tree | df25afeb4c4c0b2438a187976265599b2e1c5bd0 /admin | |
| parent | d77b52c4c194edce0060cbb99fd07d31645297e6 (diff) | |
| download | planet-cb5e73816fa0308b22c7274509b23059ce1d5eda.tar planet-cb5e73816fa0308b22c7274509b23059ce1d5eda.tar.gz planet-cb5e73816fa0308b22c7274509b23059ce1d5eda.tar.bz2 planet-cb5e73816fa0308b22c7274509b23059ce1d5eda.tar.xz planet-cb5e73816fa0308b22c7274509b23059ce1d5eda.zip | |
Make authentication timing-safe
Improve the authentication to make it timing-safe against bruteforce
attacks.
See code comments for more details on the implementation.
Diffstat (limited to 'admin')
| -rw-r--r-- | admin/inc/auth.inc.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/admin/inc/auth.inc.php b/admin/inc/auth.inc.php index 1640cb0..db6e571 100644 --- a/admin/inc/auth.inc.php +++ b/admin/inc/auth.inc.php @@ -1,8 +1,9 @@ <?php include dirname(__FILE__).'/pwd.inc.php'; +require_once __DIR__.'/../../app/classes/Planet.class.php'; -if (!isset($_COOKIE['auth']) || $_COOKIE['auth'] !== $password) { +if (!Planet::authenticateUser($_COOKIE['auth'], $password)) { setcookie('auth', '', time() - 3600); header('Location: login.php'); die(); |