Increase size of secret hash and chagne it's algorithm

LiveHelperChat · Mar 31, 2022 · 6538d6d · 6538d6d
1 parent c41f283
commit 6538d6d
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/lhc_web/cli/lib/install.php b/lhc_web/cli/lib/install.php
@@ -84,7 +84,7 @@ function step2() {
             foreach ($database as $key => $value) {
                 $cfgSite->setSetting( 'db', $key, $value);
             }
-            $cfgSite->setSetting( 'site', 'secrethash', substr(md5(time() . ":" . mt_rand()),0,10));
+            $cfgSite->setSetting( 'site', 'secrethash', erLhcoreClassChat::generateHash(80));
             return true;
         } else {
             return $Errors;

diff --git a/lhc_web/modules/lhcaptcha/captchastring.php b/lhc_web/modules/lhcaptcha/captchastring.php
@@ -8,7 +8,7 @@
 header('Cache-Control: post-check=0, pre-check=0', false );
 header('Pragma: no-cache' );
 
-$hash = sha1(erLhcoreClassIPDetect::getIP().$Params['user_parameters']['timets'].erConfigClassLhConfig::getInstance()->getSetting( 'site', 'secrethash' ));
+$hash = sha1(erLhcoreClassIPDetect::getIP() . $Params['user_parameters']['timets'] . erConfigClassLhConfig::getInstance()->getSetting( 'site', 'secrethash' ));
 
 if ( (time()-$Params['user_parameters']['timets']) > 600 || (time()-($Params['user_parameters']['timets'] - 5)) < 0) {
 	echo json_encode(array('result' => 'false'));

diff --git a/lhc_web/modules/lhinstall/install.php b/lhc_web/modules/lhinstall/install.php
@@ -164,7 +164,7 @@
                 $cfgSite->setSetting( 'db', 'password', $form->DatabasePassword);
                 $cfgSite->setSetting( 'db', 'database', $form->DatabaseDatabaseName);
                 $cfgSite->setSetting( 'db', 'port', $form->DatabasePort);
-                $cfgSite->setSetting( 'site', 'secrethash', (!empty(getenv('LHC_SECRET_HASH')) ? getenv('LHC_SECRET_HASH') : substr(md5(time() . ":" . mt_rand()),0,10)));
+                $cfgSite->setSetting( 'site', 'secrethash', (!empty(getenv('LHC_SECRET_HASH')) ? getenv('LHC_SECRET_HASH') : erLhcoreClassChat::generateHash(80)));
                 $cfgSite->save();
 
                 $tpl->setFile('lhinstall/install3.tpl.php');