author | Mario <mario@mariovavti.com> | 2020-07-30 09:26:30 +0200 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2020-07-30 09:26:30 +0200 |
commit | 1a1c0ca72c76096c8f9fdd40dc634460ce2a749e (patch) | |
tree | d17e9431b608994295885031873d614db32d9060 | |
parent | 73f2db09ae060000056f295977f693b06f8bf0b0 (diff) | |
parent | 4db38ec64a44de425d6966cb2b50d487d70b5366 (diff) | |
download | volse-hubzilla-1a1c0ca72c76096c8f9fdd40dc634460ce2a749e.tar.gz volse-hubzilla-1a1c0ca72c76096c8f9fdd40dc634460ce2a749e.tar.bz2 volse-hubzilla-1a1c0ca72c76096c8f9fdd40dc634460ce2a749e.zip |
Merge branch 'dev' into 'dev'
Add minimum form displaying time before login
See merge request hubzilla/core!1863
-rw-r--r-- | include/security.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/security.php b/include/security.php
index 38cb72263..c9df00f1e 100644
--- a/include/security.php
+++ b/include/security.php
@@ -594,9 +594,11 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
 $hash = $_REQUEST[$formname];
 $max_livetime = 10800; // 3 hours
+ $min_livetime = 3; // 3 sec
 $x = explode('.', $hash);
- if (time() > (IntVal($x[0]) + $max_livetime)) return false;
+ if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime))
+ return false;
 $sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename); |
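Review bot: The new lower bound sits in `check_form_security_token()`, which takes a `$typename` and so looks shared by every form, while the commit title scopes the change to login. Any caller that obtains a token and posts within 3 seconds (scripted clients, autofill with auto-submit) now gets the same bare `return false` as an expired token, so consider applying `$min_livetime` only for the login `$typename` or making it a parameter, and logging which bound failed. As a guessing throttle the delay is weak on its own: nothing in the hunk shows the token being single-use, so one token older than 3 seconds presumably stays valid for the rest of the 3-hour window, and per-account or per-address rate limiting is still needed. The braceless two-line `if` would be safer and clearer as `$age = time() - intval($x[0]);` followed by `if ($age > $max_livetime || $age < $min_livetime) { return false; }`, which also reads the clock once. The function body starts and ends outside the hunk.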