From 153ba4038e69ff827b0a1f24e0c7eb3b371be748 Mon Sep 17 00:00:00 2001
From: Jean-Christian Denis
Date: Mon, 24 Jul 2023 17:03:19 +0200
Subject: [PATCH] use less sensible values to generate client id
---
 src/Config.php | 9 +++++++--
 src/Utils.php | 31 +++++++++++++++++++++++++------
 2 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/src/Config.php b/src/Config.php
index e71ff67..34efbfe 100644
--- a/src/Config.php
+++ b/src/Config.php
@@ -21,10 +21,12 @@ use Dotclear\Helper\Html\Form\{
 Div,
 Input,
 Label,
+ Li,
 Note,
 Para,
 Text,
- Textarea
+ Textarea,
+ Ul
 };
 use Dotclear\Helper\Html\Html;
@@ -93,7 +95,10 @@ class Config extends Process
 echo (new Div())->items([
 (new Text('p', __('Settings are globals. Reports are by blog.')))->class('message'),
- (new Text('pre', sprintf(__('API %s'), Utils::DISTANT_API_VERSION))),
+ (new Ul())->items([
+ (new Li())->text(sprintf(__('API: %s'), Utils::DISTANT_API_VERSION)),
+ (new Li())->text(sprintf(__('UID: %s'), Utils::getClient())),
+ ]),
 (new Para())->items([
 (new Label(__('Hidden modules:')))->for('hidden_modules'),
 (new Input('hidden_modules'))->class('maximal')->size(65)->maxlenght(255)->value(self::$hidden_modules),
diff --git a/src/Utils.php b/src/Utils.php
index 698288a..f413afb 100644
--- a/src/Utils.php
+++ b/src/Utils.php
@@ -37,6 +37,9 @@ class Utils
 /** @var array The hiddens modules IDs */
 private static array $hiddens = [];
+ /** @var string Multiblog unique identifiant */
+ private static string $uid = '';
+
 /**
 * Add mark to backend menu footer.
 */
@@ -71,7 +74,7 @@ class Utils
 /**
 * Get plugins list.
 *
- * @param bool $strict tak on ly enabled and not hidden plugins
+ * @param bool $strict take only enabled and not hidden plugins
 *
 * @return array The plugins list.
 */
@@ -93,7 +96,7 @@ class Utils
 /**
 * Get themes list.
 *
- * @param bool $strict tak on ly enabled and not hidden themes
+ * @param bool $strict take only enabled and not hidden themes
 *
 * @return array The themes list.
 */
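Review bot: In the `src/Config.php` hunk at `@@ -93,7 +95,10 @@`, the new `UID` list item prints the value returned by `Utils::getClient()` with no visible escaping, and the `src/Utils.php` change in this commit accepts any stored `client_uid` that is 32 bytes long rather than only hex digits. If `Li::text()` does not escape its argument (not visible here), a tampered global setting would be rendered as markup in the admin page. `Html` is already imported in this file, so the line could read `(new Li())->text(sprintf(__('UID: %s'), Html::escapeHTML(Utils::getClient()))),`. The enclosing method starts and ends outside the hunk.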
@@ -127,6 +130,14 @@ class Utils
 return self::check() ? self::contents() : '';
 }
+ /**
+ * Get client uid.
+ */
+ public static function getClient(): string
+ {
+ return self::check() ? self::uid() : '';
+ }
+
 /**
 * Clear cache directory.
 */
@@ -175,22 +186,30 @@ class Utils
 private static function check(): bool
 {
- return defined('DC_MASTER_KEY') && defined('DC_CRYPT_ALGO') && defined('DC_TPL_CACHE') && is_dir(DC_TPL_CACHE) && is_writable(DC_TPL_CACHE);
+ return defined('DC_CRYPT_ALGO') && defined('DC_TPL_CACHE') && is_dir(DC_TPL_CACHE) && is_writable(DC_TPL_CACHE);
 }
 private static function key(): string
 {
- return Crypt::hmac(DC_MASTER_KEY, My::id() . __DIR__, DC_CRYPT_ALGO);
+ return Crypt::hmac(self::uid() . My::id(), DC_CRYPT_ALGO);
 }
 private static function uid(): string
 {
- return md5(DC_MASTER_KEY . My::id());
+ if (empty(self::$uid)) {
+ self::$uid = (string) My::settings()->getGlobal('client_uid');
+ if (empty(self::$uid) || strlen(self::$uid) != 32) {
+ self::$uid = md5(uniqid() . My::id() . time());
+ My::settings()->put('client_uid', self::$uid, 'string', 'Client UID', false, true);
+ }
+ }
+
+ return self::$uid;
 }
 private static function buid(): string
 {
- return md5(DC_MASTER_KEY . My::id() . dcCore::app()->blog->uid);
+ return md5(self::uid() . dcCore::app()->blog->uid);
 }
 private static function url()
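Review bot: The docblock on `getClient()` in the `@@ -127,6 +130,14 @@` hunk should say more than `Get client uid.`, because the call is not a plain read. Through `uid()` it creates and stores the `client_uid` global setting when none exists, and it returns an empty string whenever `check()` fails. Since `check()` tests the cache directory, the settings page shows a blank UID when the cache is unwritable, even though an identifier may already be stored. I would add `@return string The stored client UID, created on first use; empty string if the environment check fails`.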
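Review bot: The new `key()` in the `@@ -175,22 +186,30 @@` hunk passes two arguments where the removed call passed three (key, data, algorithm), so `DC_CRYPT_ALGO` now sits in the data position and the configured algorithm is no longer applied; assuming `Crypt::hmac()` keeps that parameter order, the line should read `return Crypt::hmac(self::uid(), My::id(), DC_CRYPT_ALGO);`. Separately, `uid()` builds the identifier from `uniqid()` and `time()`, both derived from the clock, so a value that now replaces `DC_MASTER_KEY` as key material is predictable to anyone who knows roughly when it was created; `self::$uid = bin2hex(random_bytes(16));` yields the same 32-character shape from the CSPRNG. The length test could also be tightened to `!preg_match('/^[0-9a-f]{32}$/', self::$uid)` so that a malformed stored value is regenerated rather than reused. `url()` at the end of the hunk continues outside it.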