From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Wed, 28 May 2014 15:14:52 -0400
Subject: Add CSRF protections
---
 app/Model/RememberMe.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'app/Model/RememberMe.php')
diff --git a/app/Model/RememberMe.php b/app/Model/RememberMe.php
index 1494b14a..c9ef819f 100644
--- a/app/Model/RememberMe.php
+++ b/app/Model/RememberMe.php
@@ -2,6 +2,8 @@
 
 namespace Model;
 
+use Core\Security;
+
 /**
 * RememberMe model
 *
@@ -174,8 +176,8 @@ class RememberMe extends Base
 */
 public function create($user_id, $ip, $user_agent)
 {
- $token = hash('sha256', $user_id.$user_agent.$ip.$this->generateToken());
- $sequence = $this->generateToken();
+ $token = hash('sha256', $user_id.$user_agent.$ip.Security::generateToken());
+ $sequence = Security::generateToken();
 $expiration = time() + self::EXPIRATION;
 
 $this->cleanup($user_id);
@@ -225,7 +227,7 @@ class RememberMe extends Base
 */
 public function update($token, $sequence)
 {
- $new_sequence = $this->generateToken();
+ $new_sequence = Security::generateToken();
 
 $this->db
 ->table(self::TABLE)
-- 
cgit v1.2.3
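Review bot: In create(), all of the unpredictability in the remember-me token now comes from `Security::generateToken()`, whose body is not part of this diff; `$user_id`, `$user_agent` and `$ip` are known to or controlled by the client, so hashing them in adds nothing secret. The same dependency applies to `$sequence` in this hunk and to `$new_sequence` in the update() hunk. Before merging I would confirm that Core\Security draws from a CSPRNG and raises an error rather than silently falling back to a weaker source when none is available. I would also record the dependency above the hash() call with a comment such as `// Secrecy rests solely on Security::generateToken(); the other inputs are attacker-known.` Both create() and update() continue past the lines shown in their hunks.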