From 8db5d8ea6d38df8a18e8290753b1b29f76bcf962 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 23 Jan 2012 22:04:01 +0400
Subject: add get_random_bytes() in case openssl_random_pseudo_bytes() is
 unavailable

---
 include/functions.php | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'include/functions.php')

diff --git a/include/functions.php b/include/functions.php
index f0ff2ce28..a4e19a231 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -701,7 +701,7 @@
 
 					// First login ?
 					if (db_num_rows($result) == 0) {
-						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 						$pwd_hash = encrypt_password($password, $salt, true);
 
 						$query2 = "INSERT INTO ttrss_users
@@ -731,7 +731,7 @@
 					if (db_num_rows($result) == 1) {
 						// upgrade password to MODE2
 
-						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 						$pwd_hash = encrypt_password($password, $salt, true);
 
 						db_query($link, "UPDATE ttrss_users SET
@@ -818,7 +818,7 @@
 
 	function make_password($length = 8) {
 
-		return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length);
+		return substr(bin2hex(get_random_bytes($length / 2)), 0, $length);
 	}
 
 	// this is called after user is created to initialize default feeds, labels
@@ -5398,4 +5398,17 @@
 
 		}
 	}
+
+	function get_random_bytes($length) {
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return openssl_random_pseudo_bytes($length);
+		} else {
+			$output = "";
+
+			for ($i = 0; $i < $length; $i++)
+				$output .= chr(mt_rand(0, 255));
+
+			return $output;
+		}
+	}
 ?>
-- 
cgit v1.2.3