OpenSSL > libsodium, authenticate username, PHP 8.2+
parent
5f22b0ccbb
commit
6b1b3547c3
2 changed files with 14 additions and 16 deletions
19
fn/auth.php
19
fn/auth.php
|
@ -63,17 +63,16 @@ function logout() {
|
|||
}
|
||||
|
||||
function setupDisplayUsername($display_username) {
|
||||
$iv = random_bytes(12);
|
||||
$key = random_bytes(64);
|
||||
$cyphertext = openssl_encrypt(
|
||||
$nonce = random_bytes(24);
|
||||
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
|
||||
$cyphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
|
||||
htmlspecialchars($display_username),
|
||||
'chacha20-poly1305',
|
||||
$key,
|
||||
0,
|
||||
$iv
|
||||
NULL,
|
||||
$nonce,
|
||||
$key
|
||||
);
|
||||
|
||||
$_SESSION['display-username-iv'] = $iv;
|
||||
$_SESSION['display-username-nonce'] = $nonce;
|
||||
setcookie(
|
||||
'display-username-decryption-key',
|
||||
base64_encode($key),
|
||||
|
@ -106,7 +105,7 @@ function rateLimitAccount($requestedTokens) {
|
|||
$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
|
||||
|
||||
if ($requestedTokens > $tokens)
|
||||
output(453, 'Limite d\'actions par compte atteinte. Réessayez plus tard.');
|
||||
output(453, _('Account rate limit reached, try again later.'));
|
||||
|
||||
$tokens -= $requestedTokens;
|
||||
|
||||
|
@ -128,7 +127,7 @@ function rateLimitInstance($requestedTokens) {
|
|||
$tokens = min(86400, $tokens + (time() - $bucketLastUpdate));
|
||||
|
||||
if ($requestedTokens > $tokens)
|
||||
output(453, 'Limite d\'actions globale atteinte. Réessayez plus tard.');
|
||||
output(453, _('Global rate limit reached, try again later.'));
|
||||
|
||||
$tokens -= $requestedTokens;
|
||||
|
||||
|
|
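Review bot: In `setupDisplayUsername()` the plaintext is still passed through `htmlspecialchars()` before encryption, while the router.php section of this commit now escapes the decrypted value again, so a display name containing `&` or `<` would be shown double-encoded; escaping once, at output time, is enough. The additional-data argument is passed as `NULL`, but the libsodium AEAD functions declare it as a non-nullable string, so on the PHP 8.2+ this commit targets the call raises a deprecation (a TypeError under strict types); `''` means "no additional data", and the same applies to the decrypt call in router.php. The literal nonce length would read better as `$nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES);`. The `setcookie()` call continues past the end of the hunk, so the Secure/HttpOnly/SameSite attributes of the key cookie could not be checked here.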
11
router.php
11
router.php
|
@ -111,13 +111,12 @@ if ($_POST !== []) {
|
|||
if (isset($_SESSION['id'])) {
|
||||
if (!isset($_COOKIE['display-username-decryption-key']))
|
||||
output(403, 'The display username decryption key has not been sent.');
|
||||
$decryption_result = openssl_decrypt(
|
||||
$decryption_result = htmlspecialchars(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
|
||||
$_SESSION['display-username-cyphertext'],
|
||||
'chacha20-poly1305',
|
||||
base64_decode($_COOKIE['display-username-decryption-key']),
|
||||
0,
|
||||
$_SESSION['display-username-iv']
|
||||
);
|
||||
NULL,
|
||||
$_SESSION['display-username-nonce'],
|
||||
base64_decode($_COOKIE['display-username-decryption-key'])
|
||||
));
|
||||
if ($decryption_result === false)
|
||||
output(403, 'Unable to decrypt display username.');
|
||||
define('DISPLAY_USERNAME', $decryption_result);
|
||||
|
|
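Review bot: The `$decryption_result === false` check can no longer fire, because the new code wraps `sodium_crypto_aead_xchacha20poly1305_ietf_decrypt()` in `htmlspecialchars()`, which always returns a string; a failed tag check (wrong key or modified ciphertext) therefore ends up as an empty `DISPLAY_USERNAME`, or a TypeError under strict types, instead of the 403. The cookie value is also handed straight to the decrypt call, which throws `SodiumException` when the key does not have the expected length, so a malformed cookie would surface as an uncaught exception rather than a clean rejection. I would decode and length-check the key first, test the raw decrypt result, and escape only afterwards, as below; this assumes `output()` ends the request, as the existing guards already appear to rely on. The enclosing `if ($_POST !== [])` block starts and ends outside the hunk.

```php
// … unchanged: isset($_COOKIE['display-username-decryption-key']) guard …
$key = base64_decode($_COOKIE['display-username-decryption-key'], true);
if ($key === false || strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES)
    output(403, 'Unable to decrypt display username.');
$decryption_result = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
    $_SESSION['display-username-cyphertext'],
    '',
    $_SESSION['display-username-nonce'],
    $key
);
if ($decryption_result === false)
    output(403, 'Unable to decrypt display username.');
define('DISPLAY_USERNAME', htmlspecialchars($decryption_result));
```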