
Added questionaly better default token generation (at least for *nix …

…systems)
catchdave committed Jan 24, 2012
1 parent cf9b859 commit b11aac35a5e946710355c812bdd5a48bdf681fc2
Showing with 16 additions and 8 deletions.
  1. +16 −8 lib/OAuth2.php
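--- a/lib/OAuth2.php
+++ b/lib/OAuth2.php
@@ -1043,33 +1043,41 @@ private function createAuthCode($client_id, $user_id, $redirect_uri, $scope = NU
 }
 /**
- * Generate unique access token.
+ * Generates an unique access token.
 *
- * Implementing classes may want to override these function to implement
- * other access token or auth code generation schemes.
+ * Implementing classes may want to override this function to implement
+ * other access token generation schemes.
 *
 * @return
 * An unique access token.
 *
 * @ingroup oauth2_section_4
+ * @see OAuth2::genAuthCode()
 */
 protected function genAccessToken() {
- return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), microtime(true), uniqid(mt_rand(), true))));
+ $tokenLen = 40;
+ if (file_exists('/dev/urandom')) { // Get 100 bytes of random data
+ $randomData = file_get_contents('/dev/urandom', false, null, 0, 100).uniqid(mt_rand(), true);
+ } else {
+ $randomData = mt_rand().mt_rand().mt_rand().mt_rand().microtime(true).uniqid(mt_rand(), true);
+ }
+ return substr(hash('sha512', $randomData), 0, $tokenLen);
 }
 /**
- * Generate unique auth code.
+ * Generates an unique auth code.
 *
- * Implementing classes may want to override these function to implement
- * other access token or auth code generation schemes.
+ * Implementing classes may want to override this function to implement
+ * other auth code generation schemes.
 *
 * @return
 * An unique auth code.
 *
 * @ingroup oauth2_section_4
+ * @see OAuth2::genAccessToken()
 */
 protected function genAuthCode() {
- return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), microtime(true), uniqid(mt_rand(), true))));
+ return $this->genAccessToken(); // let's reuse the same scheme for token generation
 }
 /**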
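Review bot: The `/dev/urandom` read in `genAccessToken()` is never checked, so when `file_get_contents()` returns `false` or a short string (an `open_basedir` restriction is one way that can happen) the token is silently derived from `uniqid(mt_rand(), true)` alone, and the `else` branch has no cryptographic source at all: `mt_rand()`, `microtime()` and `uniqid()` are clock- and PRNG-derived and can be predicted. Since `genAuthCode()` now delegates here, authorization codes inherit the same weakness. Tokens should come from a CSPRNG and the function should fail closed rather than degrade; on PHP 7+ the whole body can be `return bin2hex(random_bytes(20));`, which keeps the 40-character length and throws when no secure source exists. On older runtimes, `openssl_random_pseudo_bytes(20, $strong)` with a check that `$strong` is true serves the same purpose.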

1 comment on commit b11aac3

Fixes #2
