From fc385ba466a6f928cafec18c330bac281aa4a9b5 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Sun, 21 Jul 2013 11:34:31 +0000 Subject: [PATCH] use new random number function --- lam/lib/account.inc | 21 +++++++++---------- lam/lib/config.inc | 4 ++-- lam/lib/ldap.inc | 31 +++++++---------------------- lam/lib/modules/inetOrgPerson.inc | 6 +++--- lam/lib/pdf.inc | 2 +- lam/lib/types/user.inc | 2 +- lam/templates/massBuildAccounts.php | 2 +- 7 files changed, 26 insertions(+), 42 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 0e4bb62c..620d94d7 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -148,14 +148,6 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') { if (! $password || ($password == "")) { return ""; } - // calculate new random number - if (isset($_SESSION['ldap'])) { - $rand = $_SESSION['ldap']->new_rand(); - } - else { - mt_srand((microtime() * 1000000)); - $rand = mt_rand(); - } $hash = ""; switch ($hashType) { case 'CRYPT': @@ -212,7 +204,7 @@ function generateSalt($len) { $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./'; $salt = ''; for ($i = 0; $i < $len; $i++) { - $pos= mt_rand(0, strlen($chars)-1); + $pos= getRandomNumber() % strlen($chars); $salt .= $chars{$pos}; } return $salt; @@ -316,7 +308,7 @@ function generateRandomPassword() { for ($x = 0; $x < 10000; $x++) { $password = ''; for ($i = 0; $i < $length; $i++) { - $rand = $_SESSION['ldap']->new_rand() % 65; + $rand = getRandomNumber() % 65; $password .= $list[$rand]; } if (checkPasswordStrength($password) === true) { @@ -994,4 +986,13 @@ class moduleCache { } +/** + * Returns a random number. + * + * @return int random number + */ +function getRandomNumber() { + return mt_rand(); +} + ?> diff --git a/lam/lib/config.inc b/lam/lib/config.inc index 5b9995b6..b17c0b7a 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc 
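Review bot: The new `getRandomNumber()` added at the end of account.inc returns plain `mt_rand()`, a Mersenne Twister generator that is not a cryptographic source, yet this commit routes `generateSalt()` and `generateRandomPassword()` through it. Passwords built from `getRandomNumber() % 65` are only as unpredictable as the generator state, and the modulo adds a slight bias because 65 does not divide the generator's range. With every caller now going through one helper, this is the place to switch to a CSPRNG, for example `return random_int(0, mt_getrandmax());` on PHP 7+ or a value unpacked from `openssl_random_pseudo_bytes()` on older runtimes. The docblock should also state whether the result is safe to use for secrets. The same helper feeds the temporary file names changed in inetOrgPerson.inc, pdf.inc, types/user.inc and massBuildAccounts.php, and the bodies of `generateSalt()` and `generateRandomPassword()` continue outside their hunks.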
@@ -693,7 +693,7 @@ class LAMConfig { public function set_Passwd($value) { if (is_string($value)) { mt_srand((microtime() * 1000000)); - $rand = mt_rand(); + $rand = getRandomNumber(); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $value)), 0, 4); $this->Passwd = $this->hashPassword($value, $salt); @@ -1482,7 +1482,7 @@ class LAMCfgMain { */ public function setPassword($password) { mt_srand((microtime() * 1000000)); - $rand = mt_rand(); + $rand = getRandomNumber(); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); $this->password = $this->hashPassword($password, $salt); diff --git a/lam/lib/ldap.inc b/lam/lib/ldap.inc index db38c35f..12488d25 100644 --- a/lam/lib/ldap.inc +++ b/lam/lib/ldap.inc @@ -63,9 +63,6 @@ class Ldap{ /** LDAP password used for bind */ private $password; - /** Random number (changes on every page request) */ - private $rand; - /** * Creates a new LDAP object. * @@ -73,10 +70,12 @@ class Ldap{ */ function __construct($config) { setlanguage(); - if (is_object($config)) $this->conf = $config; - else return false; - mt_srand((double)microtime()*1000000); - $this->rand = mt_rand(); + if (is_object($config)) { + $this->conf = $config; + } + else { + return false; + } return true; } @@ -148,15 +147,12 @@ class Ldap{ function __sleep() { $this->close(); // define which attributes to save - return array("conf", "username", "password", "rand"); + return array("conf", "username", "password"); } /** Reconnects to LDAP server when deserialized */ function __wakeup() { $this->is_connected = false; - // change random number - mt_srand($this->rand + (microtime() * 1000000)); - $this->rand = mt_rand(); // delete PDF files and images which are older than 15 min $tmpDir = dirname(__FILE__) . '/../tmp/'; $time = time(); 
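Review bot: In both `set_Passwd()` and `setPassword()` the context line `mt_srand((microtime() * 1000000));` still runs immediately before the new `getRandomNumber()` call, so the value feeding `$salt0` comes from a generator that was just reseeded from the clock. That seed appears to be limited to the sub-second part of `microtime()`, roughly a million possible values, and the reseed also resets the shared generator for any later `getRandomNumber()` caller in the same request. I would delete the `mt_srand(...)` line in both methods and let the helper own its randomness source. Both method bodies continue outside their hunks.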
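Review bot: The rewritten `else { return false; }` branch in `Ldap::__construct()` still cannot signal failure, because PHP discards a constructor's return value and `new Ldap($config)` returns an object whose `conf` was never set. The same applies to the trailing `return true;`. If a non-object `$config` is a real error, `throw new InvalidArgumentException('config must be an object');` would stop the caller from continuing with a half-initialised LDAP handle; otherwise drop both returns so the code does not suggest a check that never happens.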
@@ -189,19 +185,6 @@ class Ldap{ @closedir($dir); } - /** - * Calculates a new value for rand - * - * @return int New random value - */ - function new_rand() { - // change random number - mt_srand($this->rand + (microtime() * 1000000)); - $r = mt_rand(); - $this->rand = $r; - return $r; - } - /** * Encrypts a string * diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index e7afd28a..d9a8945e 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -2094,7 +2094,7 @@ class inetOrgPerson extends baseModule implements passwordService { $photoFile = '../../graphics/userDefault.png'; $noPhoto = true; if (isset($this->attributes['jpegPhoto'][0])) { - $jpeg_filename = 'jpg' . $_SESSION['ldap']->new_rand() . '.jpg'; + $jpeg_filename = 'jpg' . getRandomNumber() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $this->attributes['jpegPhoto'][0]); fclose ($outjpeg); @@ -2260,7 +2260,7 @@ class inetOrgPerson extends baseModule implements passwordService { $table = new htmlTable(); $table->colspan = 10; for ($i = 0; $i < sizeof($this->attributes['userCertificate;binary']); $i++) { - $filename = 'userCertificate' . $_SESSION['ldap']->new_rand() . '.der'; + $filename = 'userCertificate' . getRandomNumber() . '.der'; $out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb"); fwrite($out, $this->attributes['userCertificate;binary'][$i]); fclose ($out); @@ -3226,7 +3226,7 @@ class inetOrgPerson extends baseModule implements passwordService { if (sizeof($userCertificates) > 0) { $certTable = new htmlTable(); for ($i = 0; $i < sizeof($userCertificates); $i++) { - $filename = 'userCertificate' . mt_rand() . '.der'; + $filename = 'userCertificate' . getRandomNumber() . '.der'; $out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb"); fwrite($out, $userCertificates[$i]); fclose ($out); 
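Review bot: The three inetOrgPerson.inc hunks build a temp file name from `getRandomNumber()` and pass it to `@fopen(..., "wb")` without checking the result, so a name collision silently truncates another request's photo or certificate file, and a failed open only surfaces as errors in `fwrite()`/`fclose()`. Opening with exclusive-create mode and testing the handle, e.g. `$out = fopen($path, 'xb'); if ($out === false) { /* pick a new name or report the error */ }`, turns both cases into an explicit failure. If lam/tmp is served by the web server, as the relative paths suggest, the names should also come from a CSPRNG so one user cannot guess another user's file. The same pattern appears in the types/user.inc hunk and, for the PDF and ZIP names, in pdf.inc and massBuildAccounts.php. The enclosing methods start and end outside these hunks.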
diff --git a/lam/lib/pdf.inc b/lam/lib/pdf.inc
index d87da592..72228c35 100644
--- a/lam/lib/pdf.inc
+++ b/lam/lib/pdf.inc
@@ -147,7 +147,7 @@ function createModulePDF($accounts, $pdf_structure="default", $returnAsString =
 $pdf->Close();
 if (!$returnAsString) {
 // use timestamp and random number from ldap.inc as filename so it should be unique.
- $filename = '../../tmp/' . $_SESSION['ldap']->new_rand() . time() .'.pdf';
+ $filename = '../../tmp/' . getRandomNumber() . time() .'.pdf';
 // Save PDF
 $pdf->Output($filename);
 chmod($filename, 0600);
diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc
index a1f52a22..aad9d819 100644
--- a/lam/lib/types/user.inc
+++ b/lam/lib/types/user.inc
@@ -605,7 +605,7 @@ class lamUserList extends lamList {
 }
 }
 }
- $imgNumber = $_SESSION['ldap']->new_rand();
+ $imgNumber = getRandomNumber();
 $jpeg_filename = 'jpg' . $imgNumber . '.jpg';
 $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb");
 fwrite($outjpeg, $entry[$attribute][0]);
diff --git a/lam/templates/massBuildAccounts.php b/lam/templates/massBuildAccounts.php
index 73fdee67..45396274 100644
--- a/lam/templates/massBuildAccounts.php
+++ b/lam/templates/massBuildAccounts.php
@@ -230,7 +230,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
 if (isset($_POST['createPDF']) && ($_POST['createPDF'] == 'on')) {
 $_SESSION['mass_pdf']['structure'] = $_POST['pdfStructure'];
 $_SESSION['mass_pdf']['counter'] = 0;
- $_SESSION['mass_pdf']['file'] = '../tmp/lam_pdf' . $_SESSION['ldap']->new_rand() . '.zip';
+ $_SESSION['mass_pdf']['file'] = '../tmp/lam_pdf' . getRandomNumber() . '.zip';
 }
 else {
 $_SESSION['mass_pdf']['structure'] = null;
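Review bot: In the pdf.inc hunk the context comment above the changed line still says the random number comes "from ldap.inc", which is no longer true now that `getRandomNumber()` is defined in account.inc; I would reword it to `// use timestamp and random number as filename so it should be unique.`. The surrounding lines also write the PDF with `$pdf->Output($filename)` before `chmod($filename, 0600)` tightens it, so the file briefly exists with default permissions. Creating the file with restrictive permissions before writing would close that window. The body of `createModulePDF()` continues outside the hunk.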