add get_random_bytes() in case openssl_random_pseudo_bytes() is unavailable

2 files changed, 4 insertions, 4 deletions

diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 175566d8c..57971ccb1 100644
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -52,7 +52,7 @@ class Pref_Prefs extends Protected_Handler {
 
 		if (db_num_rows($result) == 1) {
 
-			$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
 
 			db_query($this->link, "UPDATE ttrss_users SET
diff --git a/classes/pref_users.php b/classes/pref_users.php
index 975b41f5c..94ee270d3 100644
--- a/classes/pref_users.php
+++ b/classes/pref_users.php
@@ -206,7 +206,7 @@ class Pref_Users extends Protected_Handler {
 			$password = db_escape_string(trim($_REQUEST["password"]));
 
 			if ($password) {
-				$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 				$pwd_hash = encrypt_password($password, $salt, true);
 				$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
 			} else {
@@ -234,7 +234,7 @@ class Pref_Users extends Protected_Handler {
 
 			$login = db_escape_string(trim($_REQUEST["login"]));
 			$tmp_user_pwd = make_password(8);
-			$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
 
 			$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
@@ -280,7 +280,7 @@ class Pref_Users extends Protected_Handler {
 			$email = db_fetch_result($result, 0, "email");
 			$salt = db_fetch_result($result, 0, "salt");
 
-			$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$tmp_user_pwd = make_password(8);
 
 			$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);