dany/antd-web-apps
1
0
Fork 0
mirror of https://github.com/lxsang/antd-web-apps synced 2024-11-20 02:18:20 +01:00
Code Issues Projects Releases Wiki Activity

add salt to sessionid hash

Browse Source
This commit is contained in:
DanyLE 2022-09-02 20:09:46 +02:00
parent 5b8acf2d87
commit 395249972e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
os/controllers/UserController.lua
View File

@ -43,7 +43,8 @@ function UserController:login(...)
local request = JSON.decodeString(REQUEST.json) local request = JSON.decodeString(REQUEST.json)
local r = ulib.auth(request.username,request.password) local r = ulib.auth(request.username,request.password)
if r == true then if r == true then
local cookie = {sessionid=std.sha1(request.username..request.password)} -- iotos_user = request.username local salt = utils.generate_salt(20)
local cookie = {sessionid=std.sha1(request.username..request.password..salt)} -- iotos_user = request.username
local db = sysdb(); local db = sysdb();
if db == nil then return fail("Cannot setup session") end if db == nil then return fail("Cannot setup session") end
local cond = {exp= {["="] = { sessionid = cookie.sessionid }}} local cond = {exp= {["="] = { sessionid = cookie.sessionid }}}