6 years ago · 2a4c52f961
--- a/core/default_settings/app_config.php
+++ b/core/default_settings/app_config.php
@@ -209,7 +209,7 @@
 
															 		$apps[$x]['default_settings'][$y]['default_setting_category'] = "login";
														
 
															 		$apps[$x]['default_settings'][$y]['default_setting_subcategory'] = "password_reset_key";
														
 
															 		$apps[$x]['default_settings'][$y]['default_setting_name'] = "text";
														
 
															-		$apps[$x]['default_settings'][$y]['default_setting_value'] = generate_password('20', '4');
														
 
															+		$apps[$x]['default_settings'][$y]['default_setting_value'] = base64_encode(openssl_random_pseudo_bytes(32));
														
 
															 		$apps[$x]['default_settings'][$y]['default_setting_enabled'] = "false";
														
 
															 		$apps[$x]['default_settings'][$y]['default_setting_description'] = "Display a Reset Password link on the login box (requires smtp_host be defined).";
														
 
															 		$y++;
														
--- a/resources/functions.php
+++ b/resources/functions.php
@@ -1548,15 +1548,20 @@ function number_pad($number,$n) {
 
															 //encrypt a string
														
 
															 	if (!function_exists('encrypt')) {
														
 
															-		function encrypt($key, $str_to_enc) {
														
 
															-			return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $str_to_enc, MCRYPT_MODE_CBC, md5(md5($key))));
														
 
															+		function encrypt($key, $data) {
														
 
															+			$encryption_key = base64_decode($key);
														
 
															+			$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
														
 
															+			$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
														
 
															+			return base64_encode($encrypted.'::'.$iv);
														
 
															 		}
														
 
															 	}
														
 
															 //decrypt a string
														
 
															 	if (!function_exists('decrypt')) {
														
 
															-		function decrypt($key, $str_to_dec) {
														
 
															-			return rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($str_to_dec), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
														
 
															+		function decrypt($key, $data) {
														
 
															+			$encryption_key = base64_decode($key);
														
 
															+			list($encrypted_data, $iv) = explode('::', base64_decode($data), 2);
														
 
															+			return openssl_decrypt($encrypted_data, 'aes-256-cbc', $encryption_key, 0, $iv);
														
 
															 		}
														
 
															 	}
														
--- a/resources/login.php
+++ b/resources/login.php
@@ -241,7 +241,7 @@
 
															 		}
														
 
															 		echo "<input type='submit' id='btn_login' class='btn' style='width: 100px; margin-top: 15px;' value='".$text['button-login']."'>\n";
														
 
															 		if (
														
 
															-			function_exists('mcrypt_encrypt') &&
														
 
															+			function_exists('openssl_encrypt') &&
														
 
															 			$_SESSION['login']['password_reset_key']['text'] != '' &&
														
 
															 			$_SESSION['email']['smtp_host']['text'] != ''
														
 
															 			) {