From 25ac89f6a7a51b34043fad388b7f81e4e07994e9 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Wed, 4 Aug 2021 16:56:37 +0100
Subject: [PATCH] see https://github.com/postfixadmin/postfixadmin/issues/523 - improve randomness when creating the PFA_token field; reported by @michaellrowley via huntr.dev.
---
functions.inc.php | 3 ++-
public/users/login.php | 3 +--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/functions.inc.php b/functions.inc.php
index 3e647b84..a28af04a 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -108,7 +108,8 @@ function init_session($username, $is_admin = false)
$_SESSION['sessid']['roles'] = array();
$_SESSION['sessid']['roles'][] = $is_admin ? 'admin' : 'user';
$_SESSION['sessid']['username'] = $username;
- $_SESSION['PFA_token'] = md5(uniqid("", true));
+
+ $_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
return $status;
}
diff --git a/public/users/login.php b/public/users/login.php
index ccb77b31..439e376c 100644
--- a/public/users/login.php
+++ b/public/users/login.php
@@ -70,8 +70,7 @@ if ($error) {
flash_error($error);
}
-
-$_SESSION['PFA_token'] = md5(uniqid('pfa' . rand(), true));
+$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('smarty_template', 'login');
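Review bot: The new `$_SESSION['PFA_token']` line in init_session still feeds only 64 bits of CSPRNG output into the token — `random_bytes(8)` — and the `uniqid('pfa', true)` suffix adds little that an attacker cannot largely guess, so the 128-bit md5 digest overstates the token's real unpredictability. Because the token is only ever handled as an opaque string, `$_SESSION['PFA_token'] = bin2hex(random_bytes(16));` gives a full 128 bits of entropy while keeping the same 32-hex-character shape as the md5 output, so any storage or comparison of it is unaffected. `random_bytes()` throws when no secure entropy source is available; letting that propagate out of init_session is the right fail-closed behaviour, but it deserves a comment such as `// random_bytes() throws if no CSPRNG is available - better to abort the login than issue a guessable token`. The identical expression is spelled out again in public/users/login.php, so a small helper in this file would keep the two from drifting apart. init_session starts before this hunk.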
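Review bot: The token assignment in login.php duplicates the generation expression from functions.inc.php's init_session verbatim, so any later strengthening of one site will silently leave the other weaker; both should go through a single helper, e.g. `$_SESSION['PFA_token'] = pfa_new_token();`, defined in functions.inc.php. As written the token carries 64 bits of CSPRNG entropy (`random_bytes(8)`), below the 128 bits generally recommended for CSRF tokens; `bin2hex(random_bytes(16))` provides that with the same 32-hex-character length as the md5 output. This line runs at top level of login.php, outside any function, so a `random_bytes()` failure would surface as an uncaught exception on the login page — acceptable fail-closed behaviour, but worth stating in a comment. Wherever PFA_token is later checked against the submitted form value (not in this diff), confirm the comparison uses `hash_equals()` rather than `==`.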