extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 04:29:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

use cryptographically secure random_int available in PHP 7+ when generating default passwords

Browse Source
This commit is contained in:
Ralf Becker 2017-02-02 15:44:40 +01:00
parent c8605a0e7d
commit ba8b1c403e
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/Auth.php
View File

@ -292,10 +292,13 @@ class Auth
$random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char);
}
// use cryptographically secure random_int available in PHP 7+
$func = function_exists('random_int') ? 'random_int' : 'mt_rand';
$s = '';
for ($i=0; $i < $size; $i++)
{
$s .= $random_char[mt_rand(0, count($random_char)-1)];
$s .= $random_char[$func(0, count($random_char)-1)];
}
return $s;
}

5
doc/rpm-build/post_install.php
View File

@ -550,10 +550,13 @@ function randomstring($len=16)
'>','|','[',']','}', // dont add /\,'"{ as we have problems dealing with them
);
// use cryptographically secure random_int available in PHP 7+
$func = function_exists('random_int') ? 'random_int' : 'mt_rand';
$str = '';
for($i=0; $i < $len; $i++)
{
$str .= $usedchars[mt_rand(0,count($usedchars)-1)];
$str .= $usedchars[$func(0,count($usedchars)-1)];
}
return $str;
}