diff --git a/Modules/user/profile/profile.js b/Modules/user/profile/profile.js
index f8e78f7d6..adb51a2ea 100644
--- a/Modules/user/profile/profile.js
+++ b/Modules/user/profile/profile.js
@@ -124,6 +124,10 @@ var app = new Vue({
$.ajax({type:"POST",url: path+"user/deleteall.json", data: "mode=dryrun", dataType: 'text', success: function(result){
$("#deleteall-output").html(result);
}});
+ },
+ new_apikey: function(type) {
+ $("#apikey_type").html(type);
+ $('#modalNewApikey').modal('show');
}
}
});
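Review bot: `$("#apikey_type").html(type)` in new_apikey writes its argument into the modal as markup, and the confirm handler later reads the same element back to build the request URL. The callers live in the template, whose lines are not readable here, so the argument is presumably a fixed `read` or `write` literal. Even so, `.text(type)` is the safer call, and holding the pending type in a Vue data field instead of the DOM would avoid the round trip. The enclosing `methods` object starts outside the hunk.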
@@ -161,6 +165,14 @@ $("#logoutdelete").click(function() {
}});
});
+$("#confirm_generate_apikey").click(function() {
+ var type = $("#apikey_type").html();
+ $.ajax({ url: path+"user/newapikey"+type+".json", dataType: 'json', success: function(result){
+ app.user['apikey_'+type] = result;
+ $('#modalNewApikey').modal('hide');
+ }});
+});
+
// Theme selection used in conjunction with code in Lib/emoncms.js
$(".themecolor[name='"+current_themecolor+"']").addClass("color-box-active");
$(".themecolor").click(function() {
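Review bot: The `$.ajax` call in the `#confirm_generate_apikey` handler sets no `type`, so jQuery sends it as a GET, yet the request replaces a credential. A state-changing GET is exposed to cross-site request forgery and to anything that prefetches URLs; the deleteall call earlier in this file already uses POST, and this one should too: `$.ajax({ type: "POST", url: path+"user/newapikey"+type+".json", dataType: 'json', ...`. The server route is not part of this diff, so whether it rejects GET or checks a CSRF token needs confirming there. The handler also has no `error` callback and stores `result` without checking that it is a key string, so a failed request leaves the modal open and an error payload would be written into `app.user`.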
diff --git a/Modules/user/profile/profile.php b/Modules/user/profile/profile.php
index 8765fdcb4..28714cec2 100644
--- a/Modules/user/profile/profile.php
+++ b/Modules/user/profile/profile.php
@@ -25,6 +25,7 @@
|
{{ user.id }} |
+ |
|
@@ -37,6 +38,7 @@
|
+ |
|
@@ -48,16 +50,19 @@
|
+ |
|
{{ user.apikey_write }} |
')"> |
+ |
|
{{ user.apikey_read }} |
')"> |
+ |
|
@@ -81,6 +86,7 @@
|
+ |
@@ -231,8 +237,23 @@
+
+
-
+
diff --git a/Modules/user/rememberme_model.php b/Modules/user/rememberme_model.php
index d89173bb2..645b22324 100644
--- a/Modules/user/rememberme_model.php
+++ b/Modules/user/rememberme_model.php
@@ -203,7 +203,7 @@ public function loginTokenWasInvalid() {
// Create a pseudo-random token.
// ---------------------------------------------------------------------------------------------------------
private function createToken() {
- return md5(uniqid(mt_rand(), true));
+ return bin2hex(random_bytes(16));
}
// ---------------------------------------------------------------------------------------------------------
private function getCookieValues()
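Review bot: The comment above createToken still reads `// Create a pseudo-random token.`, which no longer describes the code and hides the security property this change introduces. Suggested wording: `// Create a 128-bit token from the system CSPRNG, hex-encoded (32 characters).` It is also worth recording there that `random_bytes()` needs PHP 7.0 or later and throws when no randomness source is available. The same applies to the `random_bytes` hunks in user_model.php, so if the project still supports PHP 5.x a polyfill would be required.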
diff --git a/Modules/user/user_model.php b/Modules/user/user_model.php
index a3e4f2cac..10d707177 100644
--- a/Modules/user/user_model.php
+++ b/Modules/user/user_model.php
@@ -247,11 +247,11 @@ public function register($username, $password, $email, $timezone)
// If we got here the username, password and email should all be valid
$hash = hash('sha256', $password);
- $salt = md5(uniqid(mt_rand(), true));
+ $salt = bin2hex(random_bytes(16));
$password = hash('sha256', $salt . $hash);
- $apikey_write = md5(uniqid(mt_rand(), true));
- $apikey_read = md5(uniqid(mt_rand(), true));
+ $apikey_write = bin2hex(random_bytes(16));
+ $apikey_read = bin2hex(random_bytes(16));
$stmt = $this->mysqli->prepare("INSERT INTO users ( username, password, email, salt ,apikey_read, apikey_write, timezone, admin) VALUES (?,?,?,?,?,?,?,0)");
$stmt->bind_param("sssssss", $username, $password, $email, $salt, $apikey_read, $apikey_write, $timezone);
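Review bot: The salt in register() now comes from the CSPRNG, but the stored password is still `hash('sha256', $salt . $hash)`, a single fast hash that offers little resistance to offline guessing if the users table leaks. PHP's `password_hash($password, PASSWORD_DEFAULT)` generates its own salt and applies a tunable work factor, and `password_verify()` together with `password_needs_rehash()` lets existing accounts be upgraded at their next login. The login path is not in this diff, so that migration would have to be made there at the same time. register() itself starts and ends outside the hunk.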
@@ -297,7 +297,7 @@ public function send_verification_email($username)
if ($email_verified) return array('success'=>false, 'message'=>_("Email already verified"));
// Create new verification key
- $verification_key = md5(uniqid(mt_rand(), true));
+ $verification_key = bin2hex(random_bytes(16));
// Save new verification key
$stmt = $this->mysqli->prepare("UPDATE users SET verification_key=? WHERE id=?");
$stmt->bind_param("si",$verification_key,$id);
@@ -812,7 +812,7 @@ public function set($userid,$data)
public function new_apikey_read($userid)
{
$userid = (int) $userid;
- $apikey = md5(uniqid(mt_rand(), true));
+ $apikey = bin2hex(random_bytes(16));
$stmt = $this->mysqli->prepare("UPDATE users SET apikey_read = ? WHERE id = ?");
$stmt->bind_param("si", $apikey, $userid);
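Review bot: `bin2hex(random_bytes(16))` now appears in register(), send_verification_email(), new_apikey_read() and new_apikey_write(), plus createToken() in rememberme_model.php. A single private helper in this class, for example `private function generate_token() { return bin2hex(random_bytes(16)); }`, would keep the token length and randomness source in one place so that a later change cannot miss a call site. new_apikey_read() continues past the end of the hunk.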
@@ -826,7 +826,7 @@ public function new_apikey_read($userid)
public function new_apikey_write($userid)
{
$userid = (int) $userid;
- $apikey = md5(uniqid(mt_rand(), true));
+ $apikey = bin2hex(random_bytes(16));
$stmt = $this->mysqli->prepare("UPDATE users SET apikey_write = ? WHERE id = ?");
$stmt->bind_param("si", $apikey, $userid);