d0b4b30e authored 2018-05-11 12:00:18 +0530 by Gopal
Adding token to Clear Text Submission of Password
1 parent cc9d36f1
Showing 2 changed files with 19 additions and 6 deletions
application/app/Http/Controllers/HomeController.php
application/resources/views/login.blade.php
application/app/Http/Controllers/HomeController.php
...
...
@@ -361,10 +361,11 @@ public function login()
public
function
do_login
()
{
/*Code for token generation Flexydial Security Purpose*/
session_start
();
session_start
();
$newpass
=
Input
::
get
(
'password'
);
$encrypt_password
=
str_replace
(
$_SESSION
[
'token_prev'
],
""
,
$newpass
);
$encrypt_password
=
str_replace
(
$_SESSION
[
'token_end'
],
""
,
$encrypt_password
);
$secured_token
=
Input
::
get
(
'security_token'
);
/*Code for token generation Flexydial Security Purpose*/
//static Logout based on time - changes done by manish on 22-11-16
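Review bot: The two str_replace calls in do_login() strip every occurrence of $_SESSION['token_prev'] and $_SESSION['token_end'] from the submitted password wherever they occur, so a password that happens to contain either token string is altered before it reaches Auth::attempt. Both tokens are also sent to the browser in the hidden fields ses_token_prev and ses_token_end in login.blade.php, so wrapping the password with them does not keep it confidential in transit, and the name $encrypt_password overstates what is done; the fix for clear-text submission is to serve and post the login form over TLS. Neither session key is checked with isset() before use, $secured_token is read here but not validated until much later, and session_start() appears twice in the visible lines; one call is enough, and in a Laravel controller the framework session is the better place for these values.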
...
...
@@ -401,9 +402,11 @@ if($user)
}
}
/*Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password] );*/
Auth
::
attempt
(
[
'username'
=>
Input
::
get
(
'username'
),
'password'
=>
$encrypt_password
]);
if
(
$secured_token
==
$_SESSION
[
'token_security'
])
{
Auth
::
attempt
(
[
'username'
=>
Input
::
get
(
'username'
),
'password'
=>
$encrypt_password
]);
}
if
(
Auth
::
guest
())
{
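Review bot: The check `$secured_token == $_SESSION['token_security']` uses a loose comparison with no presence check on either side, so numeric-looking strings can match by type juggling and a missing session key is not handled. Require both values to be set, non-empty strings and compare them with hash_equals(). Also confirm that the unconditional Auth::attempt([...]) call directly above the if is gone from the resulting file, because a call left there would authenticate the user before the token is looked at, and consider unsetting token_security once it has been compared so it cannot be replayed.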
...
...
application/resources/views/login.blade.php
...
...
@@ -17,24 +17,33 @@ if (isset($_SESSION['token_prev'])) {
unset
(
$_SESSION
[
'token_prev'
]);
$_SESSION
[
'token_prev'
]
=
randomPassword
();
# code...
}
else
{
$_SESSION
[
'token_prev'
]
=
randomPassword
();
}
//Session2
if
(
isset
(
$_SESSION
[
'token_end'
]))
{
unset
(
$_SESSION
[
'token_end'
]);
$_SESSION
[
'token_end'
]
=
randomPassword
();
# code...
}
else
{
$_SESSION
[
'token_end'
]
=
randomPassword
();
}
if
(
isset
(
$_SESSION
[
'token_security'
]))
{
unset
(
$_SESSION
[
'token_security'
]);
$_SESSION
[
'token_security'
]
=
randomPassword
();
# code...
}
else
{
$_SESSION
[
'token_security'
]
=
randomPassword
();
}
/*Code for token generation Flexydial Security Purpose*/
use
\App\Models\User
;
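Review bot: randomPassword() is the only source for token_prev, token_end and token_security, and its body is not part of this diff; if it is not built on random_bytes() or random_int(), the tokens are predictable and the check in do_login() adds nothing. Each isset/unset/else block assigns a fresh randomPassword() value on both branches, so the three blocks reduce to three plain assignments and the leftover `# code...` placeholders can go. Generating session state inside the Blade view also means every render of the login page replaces the tokens, which invalidates a login form already open in another tab; the login() controller action is a better home for this.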
...
...
@@ -333,6 +342,7 @@ if(isset($error))
<input
type=
"hidden"
name=
"_token"
value=
"{{{ csrf_token() }}}"
/>
<input
type=
"hidden"
id=
"ses_token_prev"
value=
"
<?php
echo
$_SESSION
[
'token_prev'
];
?>
"
/>
<input
type=
"hidden"
id=
"ses_token_end"
value=
"
<?php
echo
$_SESSION
[
'token_end'
];
?>
"
/>
<input
type=
"hidden"
id=
"security_token"
name=
"security_token"
value=
"
<?php
echo
$_SESSION
[
'token_security'
];
?>
"
/>
<div
class=
"form-group"
>
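Review bot: The security_token input writes $_SESSION['token_security'] into the value attribute with a raw `<?php echo ... ?>`, unescaped, as do ses_token_prev and ses_token_end; use Blade's escaped output so a token containing a quote cannot break out of the attribute. The form already carries the `_token` field from csrf_token() three lines up, which serves the same per-session purpose when the CSRF filter is enabled on this route, so it is worth stating in the commit message what security_token protects against that `_token` does not. ses_token_prev and ses_token_end have an id but no name, so they are only reachable from client script; a comment saying which script consumes them would help the next reader.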
...
...