From a8e3a912bf8ee9ebc366741f10709e51c4e99797 Mon Sep 17 00:00:00 2001
From: Harry
Date: Thu, 3 Nov 2016 22:33:25 +0000
Subject: [PATCH] Protect against DroppleGanger Auth-Bypass exploit
---
.gitignore | 1 +
cache/.gitignore | 1 +
dropplets/functions.php | 25 ++++++++++++-------------
3 files changed, 14 insertions(+), 13 deletions(-)
create mode 100644 .gitignore
create mode 100644 cache/.gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..b74decb0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/config.php
diff --git a/cache/.gitignore b/cache/.gitignore
new file mode 100644
index 00000000..72e8ffc0
--- /dev/null
+++ b/cache/.gitignore
@@ -0,0 +1 @@
+*
diff --git a/dropplets/functions.php b/dropplets/functions.php
index 31322894..94f33a7c 100644
--- a/dropplets/functions.php
+++ b/dropplets/functions.php
@@ -53,8 +53,19 @@ $verification_file = "./verify.php"; // If verified, allow a password reset.
- if (!isset($_GET["verify"])) {
+ if (isset($_GET["verify"])) {
+ require($verification_file);
+
+ if ($_GET["verify"] === $verification_code) {
+ $_SESSION["user"] = true;
+ unlink($verification_file);
+ } else {
+ $login_error = "That's not the correct recovery code!";
+ }
+ }
+ else {
+ // Generate verification token and send e-mail $code = sha1(md5(rand())); $verify_file_contents[] = "