Adding token to Clear Text Submission of Password
Showing
2 changed files
with
19 additions
and
6 deletions
| ... | @@ -361,10 +361,11 @@ public function login() | ... | @@ -361,10 +361,11 @@ public function login() |
| 361 | public function do_login() | 361 | public function do_login() |
| 362 | { | 362 | { |
| 363 | /*Code for token generation Flexydial Security Purpose*/ | 363 | /*Code for token generation Flexydial Security Purpose*/ |
| 364 | session_start(); | 364 | session_start(); |
| 365 | $newpass= Input::get('password'); | 365 | $newpass= Input::get('password'); |
| 366 | $encrypt_password=str_replace($_SESSION['token_prev'],"",$newpass); | 366 | $encrypt_password=str_replace($_SESSION['token_prev'],"",$newpass); |
| 367 | $encrypt_password=str_replace($_SESSION['token_end'],"",$encrypt_password); | 367 | $encrypt_password=str_replace($_SESSION['token_end'],"",$encrypt_password); |
| 368 | $secured_token=Input::get('security_token'); | ||
| 368 | /*Code for token generation Flexydial Security Purpose*/ | 369 | /*Code for token generation Flexydial Security Purpose*/ |
| 369 | 370 | ||
| 370 | //static Logout based on time - changes done by manish on 22-11-16 | 371 | //static Logout based on time - changes done by manish on 22-11-16 |
| ... | @@ -401,9 +402,11 @@ if($user) | ... | @@ -401,9 +402,11 @@ if($user) |
| 401 | } | 402 | } |
| 402 | } | 403 | } |
| 403 | 404 | ||
| 404 | |||
| 405 | /*Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password] );*/ | 405 | /*Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password] );*/ |
| 406 | Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password]); | 406 | if ($secured_token==$_SESSION['token_security']) { |
| 407 | Auth::attempt( ['username' => Input::get('username'), 'password' => $encrypt_password]); | ||
| 408 | } | ||
| 409 | |||
| 407 | 410 | ||
| 408 | if(Auth::guest()) | 411 | if(Auth::guest()) |
| 409 | { | 412 | { | ... | ... |
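Review bot: The new guard `if ($secured_token==$_SESSION['token_security'])` uses loose `==`, so a request without `security_token` in a session where `token_security` was never set may compare null with null and still reach `Auth::attempt`; numeric-looking token strings would also be compared as numbers. Check presence and compare in constant time instead: `if (is_string($secured_token) && isset($_SESSION['token_security']) && hash_equals($_SESSION['token_security'], $secured_token)) {`. The token should also be unset once it has been checked, so a captured form post cannot be replayed in the same session. Separately, stripping `token_prev`/`token_end` from the submitted password is reversible padding rather than encryption, because both values are sent to the browser in the same page; the clear-text submission finding is only closed by serving and posting the form over TLS. The body of do_login continues outside both hunks.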
| ... | @@ -17,24 +17,33 @@ if (isset($_SESSION['token_prev'])) { | ... | @@ -17,24 +17,33 @@ if (isset($_SESSION['token_prev'])) { |
| 17 | unset($_SESSION['token_prev']); | 17 | unset($_SESSION['token_prev']); |
| 18 | 18 | ||
| 19 | $_SESSION['token_prev']=randomPassword(); | 19 | $_SESSION['token_prev']=randomPassword(); |
| 20 | # code... | ||
| 21 | } | 20 | } |
| 22 | else{ | 21 | else{ |
| 23 | $_SESSION['token_prev']=randomPassword(); | 22 | $_SESSION['token_prev']=randomPassword(); |
| 24 | 23 | ||
| 25 | } | 24 | } |
| 26 | //Session2 | 25 | |
| 27 | if (isset($_SESSION['token_end'])) { | 26 | if (isset($_SESSION['token_end'])) { |
| 28 | unset($_SESSION['token_end']); | 27 | unset($_SESSION['token_end']); |
| 29 | 28 | ||
| 30 | $_SESSION['token_end']=randomPassword(); | 29 | $_SESSION['token_end']=randomPassword(); |
| 31 | # code... | 30 | |
| 32 | } | 31 | } |
| 33 | else{ | 32 | else{ |
| 34 | $_SESSION['token_end']=randomPassword(); | 33 | $_SESSION['token_end']=randomPassword(); |
| 35 | 34 | ||
| 36 | 35 | ||
| 37 | } | 36 | } |
| 37 | if (isset($_SESSION['token_security'])) { | ||
| 38 | unset($_SESSION['token_security']); | ||
| 39 | |||
| 40 | $_SESSION['token_security']=randomPassword(); | ||
| 41 | # code... | ||
| 42 | } | ||
| 43 | else{ | ||
| 44 | $_SESSION['token_security']=randomPassword(); | ||
| 45 | |||
| 46 | } | ||
| 38 | /*Code for token generation Flexydial Security Purpose*/ | 47 | /*Code for token generation Flexydial Security Purpose*/ |
| 39 | 48 | ||
| 40 | use \App\Models\User; | 49 | use \App\Models\User; |
| ... | @@ -333,6 +342,7 @@ if(isset($error)) | ... | @@ -333,6 +342,7 @@ if(isset($error)) |
| 333 | <input type="hidden" name="_token" value="{{{ csrf_token() }}}" /> | 342 | <input type="hidden" name="_token" value="{{{ csrf_token() }}}" /> |
| 334 | <input type="hidden" id="ses_token_prev" value="<?php echo $_SESSION['token_prev'];?>" /> | 343 | <input type="hidden" id="ses_token_prev" value="<?php echo $_SESSION['token_prev'];?>" /> |
| 335 | <input type="hidden" id="ses_token_end" value="<?php echo $_SESSION['token_end'];?>" /> | 344 | <input type="hidden" id="ses_token_end" value="<?php echo $_SESSION['token_end'];?>" /> |
| 345 | <input type="hidden" id="security_token" name="security_token" value="<?php echo $_SESSION['token_security'];?>" /> | ||
| 336 | 346 | ||
| 337 | 347 | ||
| 338 | <div class="form-group"> | 348 | <div class="form-group"> | ... | ... |
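Review bot: The added `token_security` block takes its value from `randomPassword()`, whose implementation is not visible in this section; if it relies on `rand()`/`mt_rand()` or a short alphabet the token is guessable, and a login token should come from the CSPRNG. Both branches of the new `if`/`else` assign the same thing, so the ten added lines reduce to `$_SESSION['token_security'] = bin2hex(random_bytes(32));` and the leftover `# code...` placeholder goes away. In the form hunk the hidden field sits next to Laravel's `_token`, which already provides an anti-forgery check, so a comment should state what extra property `security_token` is meant to give. The value is echoed raw into the attribute; `htmlspecialchars($_SESSION['token_security'], ENT_QUOTES, 'UTF-8')` keeps the template safe if the generator's alphabet ever changes.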