Permalink
Browse files

Fallback for systems without openssl

  • Loading branch information...
LukasReschke committed Sep 29, 2012
1 parent 992c2c9 commit ef57e9294b52b838f65c9896c6d85c2f8663c90b
Showing with 30 additions and 7 deletions.
  1. +1 −1 core/lostpassword/index.php
  2. +1 −2 lib/setup.php
  3. +28 −4 lib/util.php
@@ -13,7 +13,7 @@
// Someone lost their password:
if (isset($_POST['user'])) {
if (OC_User::userExists($_POST['user'])) {
- $token = hash("sha256", $_POST['user'].openssl_random_pseudo_bytes(10, $cstrong));
+ $token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(10));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email)) {
View
@@ -79,8 +79,7 @@ public static function install($options) {
}
//generate a random salt that is used to salt the local user passwords
- $random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
- $salt = bin2hex($random_bytes);
+ $salt = OC_Util::generate_random_bytes(30);
OC_Config::setValue('passwordsalt', $salt);
//write the config file
View
@@ -437,9 +437,7 @@ public static function getInstanceId() {
*/
public static function callRegister() {
// generate a random token.
- $bytes = openssl_random_pseudo_bytes(10, $cstrong);
- $hex = bin2hex($bytes);
- $token = $hex;
+ $token = self::generate_random_bytes(20);
// store the token together with a timestamp in the session.
$_SESSION['requesttoken-'.$token]=time();
@@ -550,4 +548,30 @@ public static function ishtaccessworking() {
}
}
-}
+ /*
+ * @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
+ * Inspired by gorgo on php.net
+ * @param Int with the length of the random
+ * @return String with the random bytes
+ */
+ public static function generate_random_bytes($length = 30) {
+ if(function_exists('openssl_random_pseudo_bytes')) {
+ $pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
+ if($strong == TRUE) {
+ return substr($pseudo_byte, 0, $length); // Truncate it to match the length
+ }
+ }
+
+ // fallback to mt_rand()
+ $characters = '0123456789';
+ $characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+ $charactersLength = strlen($characters)-1;
+ $pseudo_byte = "";
+
+ // Select some random characters
+ for ($i = 0; $i < $length; $i++) {
+ $pseudo_byte .= $characters[mt_rand(0, $charactersLength)];
+ }
+ return $pseudo_byte;
+ }
+}

0 comments on commit ef57e92

Please sign in to comment.