pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

API security update

Browse Source
This commit is contained in:
“VeLiTi”
2024-10-15 13:28:53 +02:00
parent 4889402271
commit 43144ca91b
3 changed files with 36 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/v0/authorization.php
View File

@@ -34,14 +34,14 @@ if (!empty($username) && !empty($password)) {
http_response_code(401); http_response_code(401);
} }
else { else {
$service = $row['service'];
$service = bin2hex(random_bytes(25)); //$row['service'];
$jwt = createCommunicationToken($service); $jwt = createCommunicationToken($service);
$logindate = date('Y-m-d H:i:s'); $logindate = date('Y-m-d H:i:s');
$id = $row['id']; $id = $row['id'];
$sql1 = "UPDATE users SET lastlogin = '$logindate' WHERE id='$id'"; $sql1 = "UPDATE users SET lastlogin = '$logindate', service = '$service' WHERE id='$id'";
$conn->query($sql1); $conn->query($sql1);
echo json_encode(array('token' => $jwt)); echo json_encode(array('token' => $jwt));

17
api/v1/authorization.php
View File

@@ -47,6 +47,23 @@ if ($stmt->rowCount() == 1) {
} else { //STANDARD LOGIN } else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) { if (password_verify($password, $user_data['password'])) {
//REFRESH USERKEY
if ($user_data['userkey'] != ''){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
$stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
}
//REFRESH USERKEY
if ($user_data['service'] != ''){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);
$stmt_service->execute([$user_data['service'], $user_data['id']]);
}
$token = createCommunicationToken($user_data['service']); $token = createCommunicationToken($user_data['service']);
$user = array( $user = array(

17
api/v2/authorization.php
View File

@@ -48,6 +48,23 @@ if ($stmt->rowCount() == 1) {
} else { //STANDARD LOGIN } else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) { if (password_verify($password, $user_data['password'])) {
//REFRESH USERKEY
if ($user_data['userkey'] != ''){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
$stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
}
//REFRESH USERKEY
if ($user_data['service'] != ''){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);
$stmt_service->execute([$user_data['service'], $user_data['id']]);
}
$token = createCommunicationToken($user_data['userkey']); $token = createCommunicationToken($user_data['userkey']);
//RETURN JWT AND CLIENTSECRET //RETURN JWT AND CLIENTSECRET