3d42aab16d
**Problem** 1. **Static Signature Vulnerability**: - Email verification links used a static signature algorithm (same link for lifetime), allowing account hijacking if links were leaked. - *Worst-case scenario*: Compromised AppKey + leaked link → full-site account under danger. 2. **Overly Long Reset Window**: - Password reset links remained valid for 1 hour, enabling attackers to hijack accounts if intercepted. - *Worst-case scenario*: Compromised AppKey + leaked link → full-site account account take over. **Solution** - **Email Verification**: - Replaced static signatures with **HMAC-SHA256 + timestamp + nonce**. - Links are now **one-time-use** and expire immediately after verification. - **Password Reset**: - Reduced validity window from 1h → **5 minutes**. - Added rate limiting to prevent brute-force attacks. **Impact** - **Closed Communities**: Critical for real-name systems (e.g., gaming, enterprise). - **AppKey Leak Mitigation**: Even with leaked AppKey, intercepted links are now useless. The commit message is translated by Deepseek due to my poor English. |
||
|---|---|---|
| .. | ||
| Concerns | ||
| Player.php | ||
| Report.php | ||
| Scope.php | ||
| Texture.php | ||
| User.php | ||