fix(config): Added missing installed, authSalt and tableSalt co…

…nfig #9
wirecli · Oct 27, 2023 · d250942 · d250942
1 parent 9a1339a
commit d250942
Showing 1 changed file with 41 additions and 9 deletions.
diff --git a/src/Helpers/Installer.php b/src/Helpers/Installer.php
@@ -345,7 +345,17 @@ public function checkDatabaseConnection($values, $out = true) {
    * @param array $values
    */
   protected function dbSaveConfigFile(array $values) {
-    $salt = md5(mt_rand() . microtime(true));
+    $file = __FILE__; 
+		$time = time();
+		$host = empty($values['httpHosts']) ? '' : implode(',', $values['httpHosts']);
+
+		if(function_exists('random_bytes')) {
+			$authSalt = sha1(random_bytes(random_int(40, 128)));
+			$tableSalt = sha1(random_int(0, 65535) . "$host$file$time"); 
+		} else {
+			$authSalt = md5(mt_rand() . microtime(true));
+			$tableSalt = md5(mt_rand() . "$host$file$time"); 
+		}
 
     $cfg =  "\n/**" .
       "\n * Installer: Database Configuration" .
@@ -357,14 +367,27 @@ protected function dbSaveConfigFile(array $values) {
       "\n\$config->dbPass = '$values[dbPass]';" .
       "\n\$config->dbPort = '$values[dbPort]';" .
       "\n" .
-      "\n/**" .
-      "\n * Installer: User Authentication Salt " .
-      "\n * " .
-      "\n * Must be retained if you migrate your site from one server to another" .
-      "\n * " .
-      "\n */" .
-      "\n\$config->userAuthSalt = '$salt'; " .
-      "\n" .
+      "\n/**" . 
+			"\n * Installer: User Authentication Salt " . 
+			"\n * " .
+			"\n * This value was randomly generated for your system on " . date('Y/m/d') . "." . 
+			"\n * This should be kept as private as a password and never stored in the database." . 
+			"\n * Must be retained if you migrate your site from one server to another." . 
+			"\n * Do not change this value, or user passwords will no longer work." .
+			"\n * " . 
+			"\n */" . 
+			"\n\$config->userAuthSalt = '$authSalt'; " .
+			"\n" .
+			"\n/**" . 
+			"\n * Installer: Table Salt (General Purpose) " .
+			"\n * " .
+			"\n * Use this rather than userAuthSalt when a hashing salt is needed for non user " .
+			"\n * authentication purposes. Like with userAuthSalt, you should never change " . 
+			"\n * this value or it may break internal system comparisons that use it. " . 
+			"\n * " .
+			"\n */" . 
+			"\n\$config->tableSalt = '$tableSalt'; " .
+			"\n" . 
       "\n/**" .
       "\n * Installer: File Permission Configuration" .
       "\n * " .
@@ -383,6 +406,15 @@ protected function dbSaveConfigFile(array $values) {
       "\n *" . 
       "\n */".
       "\n\$config->defaultAdminTheme = 'AdminThemeUikit';" .
+      "\n" . 
+      "\n/**" .
+			"\n * Installer: Unix timestamp of date/time installed" .
+			"\n * " .
+			"\n * This is used to detect which when certain behaviors must be backwards compatible." .
+			"\n * Please leave this value as-is." .
+			"\n * " .
+			"\n */" .
+			"\n\$config->installed = " . time() . ";" .
       "\n\n";
 
     if (!empty($values['httpHosts'])) {