add get_random_bytes() in case openssl_random_pseudo_bytes() is unavailable

diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 175566d8cc85e4b2d7f0be4897fd7987d9955593..57971ccb161528b09958f7327c998c2b5dca082f 100644 (file)
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -52,7 +52,7 @@ class Pref_Prefs extends Protected_Handler {
 
                if (db_num_rows($result) == 1) {
 
-                       $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                       $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                        $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
 
                        db_query($this->link, "UPDATE ttrss_users SET

diff --git a/classes/pref_users.php b/classes/pref_users.php
index 975b41f5cb20f214efa385a9ca25b1358426a761..94ee270d37175c4d8bc3cf54480a72ded0846c4e 100644 (file)
--- a/classes/pref_users.php
+++ b/classes/pref_users.php
@@ -206,7 +206,7 @@ class Pref_Users extends Protected_Handler {
                        $password = db_escape_string(trim($_REQUEST["password"]));
 
                        if ($password) {
-                               $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                $pwd_hash = encrypt_password($password, $salt, true);
                                $pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
                        } else {
@@ -234,7 +234,7 @@ class Pref_Users extends Protected_Handler {
 
                        $login = db_escape_string(trim($_REQUEST["login"]));
                        $tmp_user_pwd = make_password(8);
-                       $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                       $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                        $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
 
                        $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
@@ -280,7 +280,7 @@ class Pref_Users extends Protected_Handler {
                        $email = db_fetch_result($result, 0, "email");
                        $salt = db_fetch_result($result, 0, "salt");
 
-                       $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                       $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                        $tmp_user_pwd = make_password(8);
 
                        $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);

diff --git a/include/functions.php b/include/functions.php
index f0ff2ce2856ccf93cfcfebf3c51cda244093aa86..a4e19a23179a95dfcf04ceab569a57ceebf2ac9c 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -701,7 +701,7 @@
 
                                        // First login ?
                                        if (db_num_rows($result) == 0) {
-                                               $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                                $pwd_hash = encrypt_password($password, $salt, true);
 
                                                $query2 = "INSERT INTO ttrss_users
@@ -731,7 +731,7 @@
                                        if (db_num_rows($result) == 1) {
                                                // upgrade password to MODE2
 
-                                               $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                                $pwd_hash = encrypt_password($password, $salt, true);
 
                                                db_query($link, "UPDATE ttrss_users SET
@@ -818,7 +818,7 @@
 
        function make_password($length = 8) {
 
-               return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length);
+               return substr(bin2hex(get_random_bytes($length / 2)), 0, $length);
        }
 
        // this is called after user is created to initialize default feeds, labels
@@ -5398,4 +5398,17 @@
 
                }
        }
+
+       function get_random_bytes($length) {
+               if (function_exists('openssl_random_pseudo_bytes')) {
+                       return openssl_random_pseudo_bytes($length);
+               } else {
+                       $output = "";
+
+                       for ($i = 0; $i < $length; $i++)
+                               $output .= chr(mt_rand(0, 255));
+
+                       return $output;
+               }
+       }
 ?>

diff --git a/register.php b/register.php
index e75c1c94c246fa42ff30785d1019f46359ce2de3..97cea47cba18ef6cd4b3050309e39beb48815159 100644 (file)
--- a/register.php
+++ b/register.php
@@ -270,7 +270,7 @@
 
                                $password = make_password();
 
-                               $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
                                $pwd_hash = encrypt_password($password, $salt, true);
 
                                db_query($link, "INSERT INTO ttrss_users