use new random number function
This commit is contained in:
Roland Gruber
parent
a235a151e7
commit
fc385ba466
|
|
@ -148,14 +148,6 @@ function pwd_hash($password, $enabled = true, $hashType = 'SSHA') {
|
|||
if (! $password || ($password == "")) {
|
||||
return "";
|
||||
}
|
||||
// calculate new random number
|
||||
if (isset($_SESSION['ldap'])) {
|
||||
$rand = $_SESSION['ldap']->new_rand();
|
||||
}
|
||||
else {
|
||||
mt_srand((microtime() * 1000000));
|
||||
$rand = mt_rand();
|
||||
}
|
||||
$hash = "";
|
||||
switch ($hashType) {
|
||||
case 'CRYPT':
|
||||
|
|
@ -212,7 +204,7 @@ function generateSalt($len) {
|
|||
$chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890./';
|
||||
$salt = '';
|
||||
for ($i = 0; $i < $len; $i++) {
|
||||
$pos= mt_rand(0, strlen($chars)-1);
|
||||
$pos= getRandomNumber() % strlen($chars);
|
||||
$salt .= $chars{$pos};
|
||||
}
|
||||
return $salt;
|
||||
|
|
@ -316,7 +308,7 @@ function generateRandomPassword() {
|
|||
for ($x = 0; $x < 10000; $x++) {
|
||||
$password = '';
|
||||
for ($i = 0; $i < $length; $i++) {
|
||||
$rand = $_SESSION['ldap']->new_rand() % 65;
|
||||
$rand = getRandomNumber() % 65;
|
||||
$password .= $list[$rand];
|
||||
}
|
||||
if (checkPasswordStrength($password) === true) {
|
||||
|
|
@ -994,4 +986,13 @@ class moduleCache {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a random number.
|
||||
*
|
||||
* @return int random number
|
||||
*/
|
||||
function getRandomNumber() {
|
||||
return mt_rand();
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -693,7 +693,7 @@ class LAMConfig {
|
|||
public function set_Passwd($value) {
|
||||
if (is_string($value)) {
|
||||
mt_srand((microtime() * 1000000));
|
||||
$rand = mt_rand();
|
||||
$rand = getRandomNumber();
|
||||
$salt0 = substr(pack("h*", md5($rand)), 0, 8);
|
||||
$salt = substr(pack("H*", sha1($salt0 . $value)), 0, 4);
|
||||
$this->Passwd = $this->hashPassword($value, $salt);
|
||||
|
|
@ -1482,7 +1482,7 @@ class LAMCfgMain {
|
|||
*/
|
||||
public function setPassword($password) {
|
||||
mt_srand((microtime() * 1000000));
|
||||
$rand = mt_rand();
|
||||
$rand = getRandomNumber();
|
||||
$salt0 = substr(pack("h*", md5($rand)), 0, 8);
|
||||
$salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4);
|
||||
$this->password = $this->hashPassword($password, $salt);
|
||||
|
|
|
|||
|
|
@ -63,9 +63,6 @@ class Ldap{
|
|||
/** LDAP password used for bind */
|
||||
private $password;
|
||||
|
||||
/** Random number (changes on every page request) */
|
||||
private $rand;
|
||||
|
||||
/**
|
||||
* Creates a new LDAP object.
|
||||
*
|
||||
|
|
@ -73,10 +70,12 @@ class Ldap{
|
|||
*/
|
||||
function __construct($config) {
|
||||
setlanguage();
|
||||
if (is_object($config)) $this->conf = $config;
|
||||
else return false;
|
||||
mt_srand((double)microtime()*1000000);
|
||||
$this->rand = mt_rand();
|
||||
if (is_object($config)) {
|
||||
$this->conf = $config;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -148,15 +147,12 @@ class Ldap{
|
|||
function __sleep() {
|
||||
$this->close();
|
||||
// define which attributes to save
|
||||
return array("conf", "username", "password", "rand");
|
||||
return array("conf", "username", "password");
|
||||
}
|
||||
|
||||
/** Reconnects to LDAP server when deserialized */
|
||||
function __wakeup() {
|
||||
$this->is_connected = false;
|
||||
// change random number
|
||||
mt_srand($this->rand + (microtime() * 1000000));
|
||||
$this->rand = mt_rand();
|
||||
// delete PDF files and images which are older than 15 min
|
||||
$tmpDir = dirname(__FILE__) . '/../tmp/';
|
||||
$time = time();
|
||||
|
|
@ -189,19 +185,6 @@ class Ldap{
|
|||
@closedir($dir);
|
||||
}
|
||||
|
||||
/**
|
||||
* Calculates a new value for rand
|
||||
*
|
||||
* @return int New random value
|
||||
*/
|
||||
function new_rand() {
|
||||
// change random number
|
||||
mt_srand($this->rand + (microtime() * 1000000));
|
||||
$r = mt_rand();
|
||||
$this->rand = $r;
|
||||
return $r;
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a string
|
||||
*
|
||||
|
|
|
|||
|
|
@ -2094,7 +2094,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
$photoFile = '../../graphics/userDefault.png';
|
||||
$noPhoto = true;
|
||||
if (isset($this->attributes['jpegPhoto'][0])) {
|
||||
$jpeg_filename = 'jpg' . $_SESSION['ldap']->new_rand() . '.jpg';
|
||||
$jpeg_filename = 'jpg' . getRandomNumber() . '.jpg';
|
||||
$outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb");
|
||||
fwrite($outjpeg, $this->attributes['jpegPhoto'][0]);
|
||||
fclose ($outjpeg);
|
||||
|
|
@ -2260,7 +2260,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
$table = new htmlTable();
|
||||
$table->colspan = 10;
|
||||
for ($i = 0; $i < sizeof($this->attributes['userCertificate;binary']); $i++) {
|
||||
$filename = 'userCertificate' . $_SESSION['ldap']->new_rand() . '.der';
|
||||
$filename = 'userCertificate' . getRandomNumber() . '.der';
|
||||
$out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb");
|
||||
fwrite($out, $this->attributes['userCertificate;binary'][$i]);
|
||||
fclose ($out);
|
||||
|
|
@ -3226,7 +3226,7 @@ class inetOrgPerson extends baseModule implements passwordService {
|
|||
if (sizeof($userCertificates) > 0) {
|
||||
$certTable = new htmlTable();
|
||||
for ($i = 0; $i < sizeof($userCertificates); $i++) {
|
||||
$filename = 'userCertificate' . mt_rand() . '.der';
|
||||
$filename = 'userCertificate' . getRandomNumber() . '.der';
|
||||
$out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb");
|
||||
fwrite($out, $userCertificates[$i]);
|
||||
fclose ($out);
|
||||
|
|
|
|||
|
|
@ -147,7 +147,7 @@ function createModulePDF($accounts, $pdf_structure="default", $returnAsString =
|
|||
$pdf->Close();
|
||||
if (!$returnAsString) {
|
||||
// use timestamp and random number from ldap.inc as filename so it should be unique.
|
||||
$filename = '../../tmp/' . $_SESSION['ldap']->new_rand() . time() .'.pdf';
|
||||
$filename = '../../tmp/' . getRandomNumber() . time() .'.pdf';
|
||||
// Save PDF
|
||||
$pdf->Output($filename);
|
||||
chmod($filename, 0600);
|
||||
|
|
|
|||
|
|
@ -605,7 +605,7 @@ class lamUserList extends lamList {
|
|||
}
|
||||
}
|
||||
}
|
||||
$imgNumber = $_SESSION['ldap']->new_rand();
|
||||
$imgNumber = getRandomNumber();
|
||||
$jpeg_filename = 'jpg' . $imgNumber . '.jpg';
|
||||
$outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb");
|
||||
fwrite($outjpeg, $entry[$attribute][0]);
|
||||
|
|
|
|||
|
|
@ -230,7 +230,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) {
|
|||
if (isset($_POST['createPDF']) && ($_POST['createPDF'] == 'on')) {
|
||||
$_SESSION['mass_pdf']['structure'] = $_POST['pdfStructure'];
|
||||
$_SESSION['mass_pdf']['counter'] = 0;
|
||||
$_SESSION['mass_pdf']['file'] = '../tmp/lam_pdf' . $_SESSION['ldap']->new_rand() . '.zip';
|
||||
$_SESSION['mass_pdf']['file'] = '../tmp/lam_pdf' . getRandomNumber() . '.zip';
|
||||
}
|
||||
else {
|
||||
$_SESSION['mass_pdf']['structure'] = null;
|
||||
|
|
|
|||
Loading…
Reference in New Issue