From 8db5d8ea6d38df8a18e8290753b1b29f76bcf962 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 23 Jan 2012 22:04:01 +0400 Subject: [PATCH] add get_random_bytes() in case openssl_random_pseudo_bytes() is unavailable --- classes/pref_prefs.php | 2 +- classes/pref_users.php | 6 +++--- include/functions.php | 19 ++++++++++++++++--- register.php | 2 +- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php index 175566d8..57971ccb 100644 --- a/classes/pref_prefs.php +++ b/classes/pref_prefs.php @@ -52,7 +52,7 @@ class Pref_Prefs extends Protected_Handler { if (db_num_rows($result) == 1) { - $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $new_pw_hash = encrypt_password($new_pw, $new_salt, true); db_query($this->link, "UPDATE ttrss_users SET diff --git a/classes/pref_users.php b/classes/pref_users.php index 975b41f5..94ee270d 100644 --- a/classes/pref_users.php +++ b/classes/pref_users.php @@ -206,7 +206,7 @@ class Pref_Users extends Protected_Handler { $password = db_escape_string(trim($_REQUEST["password"])); if ($password) { - $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); $pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',"; } else { @@ -234,7 +234,7 @@ class Pref_Users extends Protected_Handler { $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); - $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE @@ -280,7 +280,7 @@ class Pref_Users extends Protected_Handler { $email = db_fetch_result($result, 0, "email"); $salt = db_fetch_result($result, 0, "salt"); - $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); diff --git a/include/functions.php b/include/functions.php index f0ff2ce2..a4e19a23 100644 --- a/include/functions.php +++ b/include/functions.php @@ -701,7 +701,7 @@ // First login ? if (db_num_rows($result) == 0) { - $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); $query2 = "INSERT INTO ttrss_users @@ -731,7 +731,7 @@ if (db_num_rows($result) == 1) { // upgrade password to MODE2 - $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); db_query($link, "UPDATE ttrss_users SET @@ -818,7 +818,7 @@ function make_password($length = 8) { - return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length); + return substr(bin2hex(get_random_bytes($length / 2)), 0, $length); } // this is called after user is created to initialize default feeds, labels @@ -5398,4 +5398,17 @@ } } + + function get_random_bytes($length) { + if (function_exists('openssl_random_pseudo_bytes')) { + return openssl_random_pseudo_bytes($length); + } else { + $output = ""; + + for ($i = 0; $i < $length; $i++) + $output .= chr(mt_rand(0, 255)); + + return $output; + } + } ?> diff --git a/register.php b/register.php index e75c1c94..97cea47c 100644 --- a/register.php +++ b/register.php @@ -270,7 +270,7 @@ $password = make_password(); - $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); db_query($link, "INSERT INTO ttrss_users -- 2.39.5