[Cs-webapplibs-commits] SF.net SVN: cs-webapplibs:[126] trunk/0.3
Status: Beta
Brought to you by:
crazedsanity
Menu
▾
▴
[Cs-webapplibs-commits] SF.net SVN: cs-webapplibs:[126] trunk/0.3
|
From: <cra...@us...> - 2009-08-20 19:04:46
|
Revision: 126
http://cs-webapplibs.svn.sourceforge.net/cs-webapplibs/?rev=126&view=rev
Author: crazedsanity
Date: 2009-08-20 19:04:39 +0000 (Thu, 20 Aug 2009)
Log Message:
-----------
Convert to sha-1 hashes for better security.
/cs_authToken.class.php:
* create_hash_string():
-- use sha1() instead of md5().
* authenticate_token():
-- test that the hash is 40 characters (sha-1) instead of 32 (md5)
/tests/testOfCSWebAppLibs.php:
* basic_token_tests():
-- test that the hash is 40 characters (sha-1) instead of 32 (md5)
Modified Paths:
--------------
trunk/0.3/cs_authToken.class.php
trunk/0.3/tests/testOfCSWebAppLibs.php
Modified: trunk/0.3/cs_authToken.class.php
===================================================================
--- trunk/0.3/cs_authToken.class.php 2009-08-20 18:47:04 UTC (rev 125)
+++ trunk/0.3/cs_authToken.class.php 2009-08-20 19:04:39 UTC (rev 126)
@@ -61,7 +61,7 @@
* something very unique.
*/
protected function create_hash_string($tokenId, $uid, $checksum, $stringToHash=NULL) {
- return(md5($tokenId ."_". $uid ."_". $checksum ."_". $stringToHash));
+ return(sha1($tokenId ."_". $uid ."_". $checksum ."_". $stringToHash));
}//end create_hash_string()
//=========================================================================
@@ -196,7 +196,7 @@
$authTokenRes = null;
- if(is_numeric($tokenId) && strlen($checksum) && strlen($hash) == 32) {
+ if(is_numeric($tokenId) && strlen($checksum) && strlen($hash) == 40) {
try {
$data = $this->get_token_data($tokenId);
Modified: trunk/0.3/tests/testOfCSWebAppLibs.php
===================================================================
--- trunk/0.3/tests/testOfCSWebAppLibs.php 2009-08-20 18:47:04 UTC (rev 125)
+++ trunk/0.3/tests/testOfCSWebAppLibs.php 2009-08-20 19:04:39 UTC (rev 126)
@@ -193,7 +193,7 @@
$this->assertTrue(isset($tokenData['id']));
$this->assertTrue(isset($tokenData['hash']));
$this->assertTrue(($tokenData['id'] > 0));
- $this->assertTrue((strlen($tokenData['hash']) == 32));
+ $this->assertTrue((strlen($tokenData['hash']) == 40));
}
}//end basic_token_tests()
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
