aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_session.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2014-06-11 07:49:38 +0000
committerplegall <plg@piwigo.org>2014-06-11 07:49:38 +0000
commit05e8753992799142319410551fe2431bec34978c (patch)
treefaea39b9d4c3b7c55f7d6536f0e1013083851724 /include/functions_session.inc.php
parenta22ae2f97c0234d4d997a00f4d6c27c00d1035fb (diff)
bug 3082: increase randomness on generate_key
git-svn-id: http://piwigo.org/svn/branches/2.6@28675 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_session.inc.php')
-rw-r--r--include/functions_session.inc.php37
1 files changed, 22 insertions, 15 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 24cffea57..aaa07fd07 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,25 +62,32 @@ if (isset($conf['session_save_handler'])
*/
function generate_key($size)
{
- global $conf;
-
- $md5 = md5(substr(microtime(), 2, 6));
- $init = '';
- for ( $i = 0; $i < strlen( $md5 ); $i++ )
+ if (
+ is_callable('openssl_random_pseudo_bytes')
+ and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
+ )
{
- if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
+ return substr(
+ str_replace(
+ array('+', '/'),
+ '',
+ base64_encode(openssl_random_pseudo_bytes($size))
+ ),
+ 0,
+ $size
+ );
}
- $init = substr( $init, 0, 8 );
- mt_srand( $init );
- $key = '';
- for ( $i = 0; $i < $size; $i++ )
+ else
{
- $c = mt_rand( 0, 2 );
- if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
- else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
- else $key .= mt_rand( 0, 9 );
+ $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ $l = strlen($alphabet)-1;
+ $key = '';
+ for ($i=0; $i<$size; $i++)
+ {
+ $key.= $alphabet[mt_rand(0, $l)];
+ }
+ return $key;
}
- return $key;
}
/**