Changeset 28615

Timestamp:

Jun 3, 2014, 10:07:32 AM (10 years ago)

Author:

plg

Message:

bug 3082: increase generate_key randomness with openssl_random_pseudo_bytes (with fallback on mt_rand for Windows+PHP<5.3.4)

File:

• trunk/include/functions_session.inc.php (modified) (1 diff)

trunk/include/functions_session.inc.php

@@ -59 +59 @@
  *
  * @param int $size
- * @param string $alphabet chars to use in the key,
- *    default is all digits and all letters uppercase and lowercase
  * @return string
  */
-function generate_key($size, $alphabet='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
-{
-  $l = strlen($alphabet)-1;
-  $key = '';
-  for ($i=0; $i<$size; $i++)
-  {
-    $key.= $alphabet[mt_rand(0, $l)];
-  }
-  return $key;
+function generate_key($size)
+{
+  if (
+    is_callable('openssl_random_pseudo_bytes')
+    and !(version_compare(PHP_VERSION, '5.3.4') < 0 and defined('PHP_WINDOWS_VERSION_MAJOR'))
+    )
+  {
+    return substr(
+      str_replace(
+        array('+', '/'),
+        '',
+        base64_encode(openssl_random_pseudo_bytes($size))
+        ),
+      0,
+      $size
+      );
+  }
+  else
+  {
+    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+    $l = strlen($alphabet)-1;
+    $key = '';
+    for ($i=0; $i<$size; $i++)
+    {
+      $key.= $alphabet[mt_rand(0, $l)];
+    }
+    return $key;
+  }
 }