
add get_random_bytes() in case openssl_random_pseudo_bytes() is unavailable

Andrew Dolgov 8 years ago
parent
commit
8db5d8ea6d
4 changed files with 21 additions and 8 deletions
  1. 1 1
      classes/pref_prefs.php
  2. 3 3
      classes/pref_users.php
  3. 16 3
      include/functions.php
  4. 1 1
      register.php

+ 1 - 1
classes/pref_prefs.php

@@ -52,7 +52,7 @@ class Pref_Prefs extends Protected_Handler {
 
 		if (db_num_rows($result) == 1) {
 
-			$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
 
 			db_query($this->link, "UPDATE ttrss_users SET
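Review bot: The salt expression `substr(bin2hex(get_random_bytes(125)), 0, 250)` is repeated verbatim here and in the pref_users.php, include/functions.php and register.php hunks, so any later change to the salt length or its source has to be made in seven places. The `substr()` is also redundant whenever 125 bytes come back, because `bin2hex()` of 125 bytes is already exactly 250 characters. I would put this in one helper next to get_random_bytes(), e.g. `function make_salt() { return bin2hex(get_random_bytes(125)); }`, and call it from each site. The enclosing method starts and ends outside this hunk.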

+ 3 - 3
classes/pref_users.php

@@ -206,7 +206,7 @@ class Pref_Users extends Protected_Handler {
 			$password = db_escape_string(trim($_REQUEST["password"]));
 
 			if ($password) {
-				$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 				$pwd_hash = encrypt_password($password, $salt, true);
 				$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
 			} else {
@@ -234,7 +234,7 @@ class Pref_Users extends Protected_Handler {
 
 			$login = db_escape_string(trim($_REQUEST["login"]));
 			$tmp_user_pwd = make_password(8);
-			$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
 
 			$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
@@ -280,7 +280,7 @@ class Pref_Users extends Protected_Handler {
 			$email = db_fetch_result($result, 0, "email");
 			$salt = db_fetch_result($result, 0, "salt");
 
-			$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+			$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 			$tmp_user_pwd = make_password(8);
 
 			$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);

+ 16 - 3
include/functions.php

@@ -701,7 +701,7 @@
 
 					// First login ?
 					if (db_num_rows($result) == 0) {
-						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 						$pwd_hash = encrypt_password($password, $salt, true);
 
 						$query2 = "INSERT INTO ttrss_users
@@ -731,7 +731,7 @@
 					if (db_num_rows($result) == 1) {
 						// upgrade password to MODE2
 
-						$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+						$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 						$pwd_hash = encrypt_password($password, $salt, true);
 
 						db_query($link, "UPDATE ttrss_users SET
@@ -818,7 +818,7 @@
 
 	function make_password($length = 8) {
 
-		return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length);
+		return substr(bin2hex(get_random_bytes($length / 2)), 0, $length);
 	}
 
 	// this is called after user is created to initialize default feeds, labels
@@ -5398,4 +5398,17 @@
 
 		}
 	}
+
+	function get_random_bytes($length) {
+		if (function_exists('openssl_random_pseudo_bytes')) {
+			return openssl_random_pseudo_bytes($length);
+		} else {
+			$output = "";
+
+			for ($i = 0; $i < $length; $i++)
+				$output .= chr(mt_rand(0, 255));
+
+			return $output;
+		}
+	}
 ?>
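Review bot: The `mt_rand()` fallback in get_random_bytes() is not a cryptographically secure source, yet every caller in this commit uses the result for password salts and, through make_password(), for temporary passwords. On a host without OpenSSL those values become predictable instead of the feature failing visibly. The OpenSSL branch also ignores a `false` return and the `$crypto_strong` out-parameter, so a failed call would reach `bin2hex()` and most likely yield an empty salt. I would try the secure sources in order and fail closed when none is available, as sketched below; the exact error handling should follow whatever the project uses elsewhere.

```php
	function get_random_bytes($length) {
		$length = (int) $length;

		if ($length < 1) return "";

		// PHP 7+ CSPRNG, used when the runtime provides it
		if (function_exists('random_bytes')) {
			return random_bytes($length);
		}

		if (function_exists('openssl_random_pseudo_bytes')) {
			$strong = false;
			$output = openssl_random_pseudo_bytes($length, $strong);

			// accept the result only if OpenSSL reports a strong source
			if ($output !== false && $strong && strlen($output) == $length) {
				return $output;
			}
		}

		if (@is_readable('/dev/urandom')) {
			$fh = fopen('/dev/urandom', 'rb');

			if ($fh) {
				$output = fread($fh, $length);
				fclose($fh);

				if ($output !== false && strlen($output) == $length) {
					return $output;
				}
			}
		}

		// no secure source: refuse to generate salts or passwords
		trigger_error("get_random_bytes: no secure random source available", E_USER_ERROR);
		return false;
	}
```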

+ 1 - 1
register.php

@@ -270,7 +270,7 @@
 
 				$password = make_password();
 
-				$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 				$pwd_hash = encrypt_password($password, $salt, true);
 
 				db_query($link, "INSERT INTO ttrss_users