author | plegall <plg@piwigo.org> | 2014-06-11 07:49:38 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-06-11 07:49:38 +0000 |
commit | 05e8753992799142319410551fe2431bec34978c (patch) | |
tree | faea39b9d4c3b7c55f7d6536f0e1013083851724 /include/functions_session.inc.php | |
parent | a22ae2f97c0234d4d997a00f4d6c27c00d1035fb (diff) |
bug 3082: increase randomness on generate_key
git-svn-id: http://piwigo.org/svn/branches/2.6@28675 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_session.inc.php')
-rw-r--r-- | include/functions_session.inc.php | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 24cffea57..aaa07fd07 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -62,25 +62,32 @@ if (isset($conf['session_save_handler'])
  */
 function generate_key($size)
 {
-  global $conf;
-
-  $md5 = md5(substr(microtime(), 2, 6));
-  $init = '';
-  for ( $i = 0; $i < strlen( $md5 ); $i++ )
+  if (
+    is_callable('openssl_random_pseudo_bytes')
+    and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
+  )
   {
-    if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
+    return substr(
+      str_replace(
+        array('+', '/'),
+        '',
+        base64_encode(openssl_random_pseudo_bytes($size))
+      ),
+      0,
+      $size
+    );
   }
-  $init = substr( $init, 0, 8 );
-  mt_srand( $init );
-  $key = '';
-  for ( $i = 0; $i < $size; $i++ )
+  else
   {
-    $c = mt_rand( 0, 2 );
-    if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
-    else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
-    else $key .= mt_rand( 0, 9 );
+    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+    $l = strlen($alphabet)-1;
+    $key = '';
+    for ($i=0; $i<$size; $i++)
+    {
+      $key.= $alphabet[mt_rand(0, $l)];
+    }
+    return $key;
   }
-  return $key;
 }
 
 /**
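Review bot: The openssl branch calls `openssl_random_pseudo_bytes($size)` without the `$crypto_strong` out-parameter and without checking for a `false` return, so a generator that PHP reports as weak or failed still yields a key — on failure `base64_encode(false)` is `''` and generate_key returns an empty string. Stripping `+` and `/` from the base64 of only `$size` bytes can also leave fewer than `$size` characters, or shift a trailing `=` into the returned key, neither of which the alphanumeric fallback path can produce. I would request bytes in a loop until enough characters are collected, test `$crypto_strong`, and drop the `else` so the mt_rand loop becomes the fallback for any case in which the openssl branch did not return. The mt_rand fallback remains predictable (no CSPRNG is available on the PHP versions this targets); if generate_key output is used as a session or authentication token, as the file name suggests, a comment such as `// NOTE: mt_rand is not a CSPRNG; reached only when openssl is unavailable or weak` would flag that to the next maintainer.

```php
  if (
    is_callable('openssl_random_pseudo_bytes')
    and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
  )
  {
    $key = '';
    while (strlen($key) < $size)
    {
      $bytes = openssl_random_pseudo_bytes($size, $crypto_strong);
      if ($bytes === false or !$crypto_strong)
      {
        break; // weak or unavailable generator: fall back to the alphabet loop below
      }
      // '=' is stripped too so padding can never reach the returned key
      $key.= str_replace(array('+', '/', '='), '', base64_encode($bytes));
    }
    if (strlen($key) >= $size)
    {
      return substr($key, 0, $size);
    }
  }
  // … unchanged: $alphabet / mt_rand loop, now unconditional (the `else` is removed) …
```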