Add CSRF protections

author: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
committer: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
commit: 445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree: 7990903e398d77339587595ef5a07df8464f5a2e /app/Model/RememberMe.php
parent: 75ab09e28b22e9a5676ee912482027926e271515 (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/app/Model/RememberMe.php b/app/Model/RememberMe.php
index 1494b14a..c9ef819f 100644
--- a/app/Model/RememberMe.php
+++ b/app/Model/RememberMe.php
@@ -2,6 +2,8 @@
 
 namespace Model;
 
+use Core\Security;
+
 /**
  * RememberMe model
  *
@@ -174,8 +176,8 @@ class RememberMe extends Base
      */
     public function create($user_id, $ip, $user_agent)
     {
-        $token = hash('sha256', $user_id.$user_agent.$ip.$this->generateToken());
-        $sequence = $this->generateToken();
+        $token = hash('sha256', $user_id.$user_agent.$ip.Security::generateToken());
+        $sequence = Security::generateToken();
         $expiration = time() + self::EXPIRATION;
 
         $this->cleanup($user_id);
@@ -225,7 +227,7 @@ class RememberMe extends Base
      */
     public function update($token, $sequence)
     {
-        $new_sequence = $this->generateToken();
+        $new_sequence = Security::generateToken();
 
         $this->db
              ->table(self::TABLE)
author	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
committer	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
commit	445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree	7990903e398d77339587595ef5a07df8464f5a2e /app/Model/RememberMe.php
parent	75ab09e28b22e9a5676ee912482027926e271515 (diff)