Merge branch 'hotfix/tokenSalt' into gray
Showing
1 changed file
with
3 additions
and
6 deletions
| @@ -354,7 +354,6 @@ class AbstractAction extends Controller_Abstract | @@ -354,7 +354,6 @@ class AbstractAction extends Controller_Abstract | ||
| 354 | $useSession = false; | 354 | $useSession = false; |
| 355 | } | 355 | } |
| 356 | //$useSession = false; | 356 | //$useSession = false; |
| 357 | - | ||
| 358 | if (!$this->_uid) { | 357 | if (!$this->_uid) { |
| 359 | $cookie = $this->getCookie('_UID'); | 358 | $cookie = $this->getCookie('_UID'); |
| 360 | // 兼容老的 | 359 | // 兼容老的 |
| @@ -363,11 +362,9 @@ class AbstractAction extends Controller_Abstract | @@ -363,11 +362,9 @@ class AbstractAction extends Controller_Abstract | ||
| 363 | $cookieList[1] = intval(Encryption::decrypt($cookieList[1])); | 362 | $cookieList[1] = intval(Encryption::decrypt($cookieList[1])); |
| 364 | if (isset($cookieList[1]) && $cookieList[1]) { | 363 | if (isset($cookieList[1]) && $cookieList[1]) { |
| 365 | if ($useSession) { | 364 | if ($useSession) { |
| 366 | - $token = $this->getSession('_TOKEN'); | ||
| 367 | - if (empty($token)) { | ||
| 368 | - $token = $this->getCookie('_TOKEN'); | ||
| 369 | - } | ||
| 370 | - if ($token === Helpers::makeToken($cookieList[1])) { | 365 | + $token = $this->getCookie('_TOKEN'); |
| 366 | + $salt = substr($token, -8); | ||
| 367 | + if ($cookieList[3] === Helpers::makeToken($cookieList[1] . $salt)) { | ||
| 371 | $this->_uid = $cookieList[1]; | 368 | $this->_uid = $cookieList[1]; |
| 372 | } | 369 | } |
| 373 | } else { | 370 | } else { |
-
Please register or login to post a comment