use less sensible values to generate client id

2023-07-24 17:03:19 +02:00 · 2023-07-24 17:03:19 +02:00 · 153ba4038e
commit 153ba4038e
parent 7d558c9350
2 changed files with 32 additions and 8 deletions
--- a/src/Config.php
+++ b/src/Config.php
@ -21,10 +21,12 @@ use Dotclear\Helper\Html\Form\{
    Div,
    Input,
    Label,
    Li,
    Note,
    Para,
    Text,
-    Textarea
+    Textarea,
    Ul
 };
 use Dotclear\Helper\Html\Html;
@ -93,7 +95,10 @@ class Config extends Process
        echo
        (new Div())->items([
            (new Text('p', __('Settings are globals. Reports are by blog.')))->class('message'),
-            (new Text('pre', sprintf(__('API %s'), Utils::DISTANT_API_VERSION))),
+            (new Ul())->items([
                (new Li())->text(sprintf(__('API: %s'), Utils::DISTANT_API_VERSION)),
                (new Li())->text(sprintf(__('UID: %s'), Utils::getClient())),
            ]),
            (new Para())->items([
                (new Label(__('Hidden modules:')))->for('hidden_modules'),
                (new Input('hidden_modules'))->class('maximal')->size(65)->maxlenght(255)->value(self::$hidden_modules),
--- a/src/Utils.php
+++ b/src/Utils.php
@ -37,6 +37,9 @@ class Utils
    /** @var    array<int,string>   The hiddens modules IDs */
    private static array $hiddens = [];
    /** @var    string  Multiblog unique identifiant */
    private static string $uid = '';
    /**
     * Add mark to backend menu footer.
     */
@ -71,7 +74,7 @@ class Utils
    /**
     * Get plugins list.
     *
-     * @param   bool    $strict     tak on ly enabled and not hidden plugins
+     * @param   bool    $strict     take only enabled and not hidden plugins
     *
     * @return  array<string,string>    The plugins list.
     */
@ -93,7 +96,7 @@ class Utils
    /**
     * Get themes list.
     *
-     * @param   bool    $strict     tak on ly enabled and not hidden themes
+     * @param   bool    $strict     take only enabled and not hidden themes
     *
     * @return  array<string,string>    The themes list.
     */
@ -127,6 +130,14 @@ class Utils
        return self::check() ? self::contents() : '';
    }
    /**
     * Get client uid.
     */
    public static function getClient(): string
    {
        return self::check() ? self::uid() : '';
    }
    /**
     * Clear cache directory.
     */
@ -175,22 +186,30 @@ class Utils
    private static function check(): bool
    {
-        return defined('DC_MASTER_KEY') && defined('DC_CRYPT_ALGO') && defined('DC_TPL_CACHE') && is_dir(DC_TPL_CACHE) && is_writable(DC_TPL_CACHE);
+        return defined('DC_CRYPT_ALGO') && defined('DC_TPL_CACHE') && is_dir(DC_TPL_CACHE) && is_writable(DC_TPL_CACHE);
    }
    private static function key(): string
    {
-        return Crypt::hmac(DC_MASTER_KEY, My::id() . __DIR__, DC_CRYPT_ALGO);
+        return Crypt::hmac(self::uid() . My::id(), DC_CRYPT_ALGO);
    }
    private static function uid(): string
    {
-        return md5(DC_MASTER_KEY . My::id());
+        if (empty(self::$uid)) {
            self::$uid = (string) My::settings()->getGlobal('client_uid');
            if (empty(self::$uid) || strlen(self::$uid) != 32) {
                self::$uid = md5(uniqid() . My::id() . time());
                My::settings()->put('client_uid', self::$uid, 'string', 'Client UID', false, true);
            }
        }
        return self::$uid;
    }
    private static function buid(): string
    {
-        return md5(DC_MASTER_KEY . My::id() . dcCore::app()->blog->uid);
+        return md5(self::uid() . dcCore::app()->blog->uid);
    }
    private static function url()