bug 3082: increase randomness on generate_key

git-svn-id: http://piwigo.org/svn/branches/2.6@28675 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2014-06-11 07:49:38 +00:00
parent a22ae2f97c
commit 05e8753992
+22 -15
View File
@@ -62,25 +62,32 @@ if (isset($conf['session_save_handler'])
*/
function generate_key($size)
{
global $conf;
$md5 = md5(substr(microtime(), 2, 6));
$init = '';
for ( $i = 0; $i < strlen( $md5 ); $i++ )
if (
is_callable('openssl_random_pseudo_bytes')
and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
)
{
if ( is_numeric( $md5[$i] ) ) $init.= $md5[$i];
return substr(
str_replace(
array('+', '/'),
'',
base64_encode(openssl_random_pseudo_bytes($size))
),
0,
$size
);
}
$init = substr( $init, 0, 8 );
mt_srand( $init );
$key = '';
for ( $i = 0; $i < $size; $i++ )
else
{
$c = mt_rand( 0, 2 );
if ( $c == 0 ) $key .= chr( mt_rand( 65, 90 ) );
else if ( $c == 1 ) $key .= chr( mt_rand( 97, 122 ) );
else $key .= mt_rand( 0, 9 );
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$l = strlen($alphabet)-1;
$key = '';
for ($i=0; $i<$size; $i++)
{
$key.= $alphabet[mt_rand(0, $l)];
}
return $key;
}
return $key;
}
/**