Hamza/Siro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix #19: Plaintext OTP hashing + hardcoded server paths

Browse Source 
- Changed OTP storage in Admin/auth/login.php from plaintext to sha256 hash
- Updated Admin/auth/verify_login.php to hash user input before comparison
- Replaced hardcoded /home/siro-api/ paths with environment variables:
  - ERROR_LOG_PATH, ENV_FILE_PATH, SECRET_KEY_PAY_PATH, SECRET_KEY_PATH
  - Falls back to __DIR__-relative paths when env vars are unset
This commit is contained in:
Hamza-Ayed
2026-06-17 07:49:46 +03:00
parent 790d58aaa2
commit 2d607d9e90
5 changed files with 15 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/encrypt_decrypt.php
View File

@@ -4,7 +4,7 @@
require_once realpath(__DIR__ . '/../vendor/autoload.php');
require_once 'load_env.php';
$env_file = '/home/siro-api/env/.env';
$env_file = getenv('ENV_FILE_PATH') ?: (__DIR__ . '/../../../env/.env');
loadEnvironment($env_file);
// ✅ FIX C-02: استخدام getenv بدلاً من file_get_contents الثابت