Replace newly introduced tep_generate_password() function with an imp…

…roved tep_create_random_value() version; the usage of mt_rand() here is replaced with Phpass' better random bytes generator function.
commit cbdca23efdfd6a31e76612931a122efedacede5c 1 parent 0e58d65
@haraldpdl haraldpdl authored committed
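--- a/catalog/includes/functions/general.php
+++ b/catalog/includes/functions/general.php
@@ -5,7 +5,7 @@
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
- Copyright (c) 2007 osCommerce
+ Copyright (c) 2012 osCommerce
 Released under the GNU General Public License
 */
@@ -1104,25 +1104,46 @@ function tep_count_shipping_modules() {
 }
 function tep_create_random_value($length, $type = 'mixed') {
- if ( ($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) return false;
+ if ( ($type != 'mixed') && ($type != 'chars') && ($type != 'digits')) $type = 'mixed';
- $rand_value = '';
- while (strlen($rand_value) < $length) {
- if ($type == 'digits') {
- $char = tep_rand(0,9);
- } else {
- $char = chr(tep_rand(0,255));
- }
- if ($type == 'mixed') {
- if (preg_match('/^[a-z0-9]$/i', $char)) $rand_value .= $char;
- } elseif ($type == 'chars') {
- if (preg_match('/^[a-z]$/i', $char)) $rand_value .= $char;
- } elseif ($type == 'digits') {
- if (preg_match('/^[0-9]$/i', $char)) $rand_value .= $char;
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $digits = '0123456789';
+
+ $base = '';
+
+ if ( ($type == 'mixed') || ($type == 'chars') ) {
+ $base .= $chars;
+ }
+
+ if ( ($type == 'mixed') || ($type == 'digits') ) {
+ $base .= $digits;
+ }
+
+ $value = '';
+
+ if (!class_exists('PasswordHash')) {
+ include(DIR_WS_CLASSES . 'passwordhash.php');
+ }
+
+ $hasher = new PasswordHash(10, true);
+
+ do {
+ $random = base64_encode($hasher->get_random_bytes($length));
+
+ for ($i = 0, $n = strlen($random); $i < $n; $i++) {
+ $char = substr($random, $i, 1);
+
+ if ( strpos($base, $char) !== false ) {
+ $value .= $char;
+ }
 }
+ } while ( strlen($value) < $length );
+
+ if ( strlen($value) > $length ) {
+ $value = substr($value, 0, $length);
 }
- return $rand_value;
+ return $value;
 }
 function tep_array_to_string($array, $exclude = '', $equals = '=', $separator = '&') {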
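Review bot: When `$length` is not a multiple of 3, the last base64 character before the `=` padding carries fewer than six random bits, so the filtered output in the `do` loop is slightly skewed toward a few characters. Requesting whole 3-byte groups avoids this: `$random = base64_encode($hasher->get_random_bytes(3 * (int)ceil($length / 3)));`. The strength of every value returned also rests on `get_random_bytes()`, which lives in passwordhash.php outside this diff. If that method falls back to a weaker generator when the system random source cannot be read (worth confirming in the class), reset passwords inherit the weakness, so a comment such as `// security: output is used as a credential; get_random_bytes() must be backed by a CSPRNG` above `new PasswordHash(10, true)` would record the requirement. The changed guard on the first line now maps an unknown `$type` to 'mixed' instead of returning false, so a caller that mistypes 'digits' silently receives letters.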
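--- a/catalog/includes/functions/password_funcs.php
+++ b/catalog/includes/functions/password_funcs.php
@@ -5,7 +5,7 @@
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
- Copyright (c) 2012 osCommerce
+ Copyright (c) 2010 osCommerce
 Released under the GNU General Public License
 */
@@ -89,16 +89,4 @@ function tep_password_type($encrypted) {
 return 'phpass';
 }
-
-////
-// This function generates a random password
- function tep_generate_password($length) {
- if (!class_exists('PasswordHash')) {
- include(DIR_WS_CLASSES . 'passwordhash.php');
- }
-
- $hasher = new PasswordHash(10, true);
-
- return substr(base64_encode($hasher->get_random_bytes($length*2)), 0, $length);
- }
 ?>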
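--- a/catalog/password_forgotten.php
+++ b/catalog/password_forgotten.php
@@ -21,7 +21,7 @@
 if (tep_db_num_rows($check_customer_query)) {
 $check_customer = tep_db_fetch_array($check_customer_query);
- $new_password = tep_generate_password(12);
+ $new_password = tep_create_random_value(max(ENTRY_PASSWORD_MIN_LENGTH, 12));
 $crypted_password = tep_encrypt_password($new_password);
 tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input($crypted_password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");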
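Review bot: The `update` on the last line of this hunk still replaces `customers_password` as soon as the request is handled, so a stronger generator covers only part of the exposure. A request made on a customer's behalf invalidates that customer's current password without their confirmation, and the new one presumably leaves the server in an e-mail (the mail call is outside the hunk). A time-limited, single-use reset token that is stored hashed and changes the password only after the link is followed would address both. If the current flow stays, a comment such as `// new password is a credential: must come from a CSPRNG and never be logged` above the assignment would document the requirement. The enclosing `if` block continues past the end of the hunk.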