Replace DES_DECRYPT with AES_DECRYPT in auth.php

The decryption method used in the SQL query within auth.php has been changed. The outdated DES_DECRYPT was replaced with AES_DECRYPT to improve security. The change is expected to provide a more secure and reliable decryption process for user passwords.
stephan.kasdorf
2024-03-11 10:23:32 +01:00
parent 16c1a08345
commit c7f89194ea


@@ -51,7 +51,7 @@ class Auth extends Controller implements IAuth
$this->_setUsername($login); $this->_setUsername($login);
if(!array_key_exists('auth', $_SESSION) || $_SESSION['auth'] == null) if(!array_key_exists('auth', $_SESSION) || $_SESSION['auth'] == null)
{ {
$user_password = Pdo::query("SELECT user_account_active, DES_DECRYPT(user_pass, '".Config::getInstance()->getConfig()[IView::NIBIRU_SECURITY]["password_hash"]."') AS pass, user_id FROM user WHERE user_login = '".$login."';"); $user_password = Pdo::query("SELECT user_account_active, AES_DECRYPT(user_pass, '".Config::getInstance()->getConfig()[IView::NIBIRU_SECURITY]["password_hash"]."') AS pass, user_id FROM user WHERE user_login = '".$login."';");
if( $user_password["pass"] == $password && $user_password['user_account_active'] == 1 ) if( $user_password["pass"] == $password && $user_password['user_account_active'] == 1 )
{ {
$session_id = session_id(); $session_id = session_id();
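Review bot: The rewritten `Pdo::query(...)` line still concatenates `$login` into the SQL string, so the login lookup stays injectable whichever decrypt function is used; bind `$login` as a parameter through whatever prepared-statement path the `Pdo` wrapper provides (not visible in this hunk). Moving from DES_DECRYPT to AES_DECRYPT also keeps passwords reversibly encrypted under one key from the config, whereas storing `password_hash()` output and checking it with `password_verify($password, $storedHash)` removes the need to decrypt at all. If rows written with the old DES function are not re-encrypted by a migration outside this commit, AES_DECRYPT returns NULL for them, and the loose `==` on the following line should be replaced by an explicit null check plus `hash_equals()` so that a NULL result can never compare equal to a submitted value. The enclosing method starts and ends outside the hunk.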