mirror of
https://tt-rss.org/git/tt-rss.git
synced 2024-06-29 12:20:51 +02:00
add get_random_bytes() in case openssl_random_pseudo_bytes() is unavailable
This commit is contained in:
parent
098df83ba6
commit
8db5d8ea6d
|
@ -52,7 +52,7 @@ class Pref_Prefs extends Protected_Handler {
|
||||||
|
|
||||||
if (db_num_rows($result) == 1) {
|
if (db_num_rows($result) == 1) {
|
||||||
|
|
||||||
$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
|
$new_pw_hash = encrypt_password($new_pw, $new_salt, true);
|
||||||
|
|
||||||
db_query($this->link, "UPDATE ttrss_users SET
|
db_query($this->link, "UPDATE ttrss_users SET
|
||||||
|
|
|
@ -206,7 +206,7 @@ class Pref_Users extends Protected_Handler {
|
||||||
$password = db_escape_string(trim($_REQUEST["password"]));
|
$password = db_escape_string(trim($_REQUEST["password"]));
|
||||||
|
|
||||||
if ($password) {
|
if ($password) {
|
||||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($password, $salt, true);
|
$pwd_hash = encrypt_password($password, $salt, true);
|
||||||
$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
|
$pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
|
||||||
} else {
|
} else {
|
||||||
|
@ -234,7 +234,7 @@ class Pref_Users extends Protected_Handler {
|
||||||
|
|
||||||
$login = db_escape_string(trim($_REQUEST["login"]));
|
$login = db_escape_string(trim($_REQUEST["login"]));
|
||||||
$tmp_user_pwd = make_password(8);
|
$tmp_user_pwd = make_password(8);
|
||||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
|
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
|
||||||
|
|
||||||
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
|
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
|
||||||
|
@ -280,7 +280,7 @@ class Pref_Users extends Protected_Handler {
|
||||||
$email = db_fetch_result($result, 0, "email");
|
$email = db_fetch_result($result, 0, "email");
|
||||||
$salt = db_fetch_result($result, 0, "salt");
|
$salt = db_fetch_result($result, 0, "salt");
|
||||||
|
|
||||||
$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$tmp_user_pwd = make_password(8);
|
$tmp_user_pwd = make_password(8);
|
||||||
|
|
||||||
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
|
||||||
|
|
|
@ -701,7 +701,7 @@
|
||||||
|
|
||||||
// First login ?
|
// First login ?
|
||||||
if (db_num_rows($result) == 0) {
|
if (db_num_rows($result) == 0) {
|
||||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($password, $salt, true);
|
$pwd_hash = encrypt_password($password, $salt, true);
|
||||||
|
|
||||||
$query2 = "INSERT INTO ttrss_users
|
$query2 = "INSERT INTO ttrss_users
|
||||||
|
@ -731,7 +731,7 @@
|
||||||
if (db_num_rows($result) == 1) {
|
if (db_num_rows($result) == 1) {
|
||||||
// upgrade password to MODE2
|
// upgrade password to MODE2
|
||||||
|
|
||||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($password, $salt, true);
|
$pwd_hash = encrypt_password($password, $salt, true);
|
||||||
|
|
||||||
db_query($link, "UPDATE ttrss_users SET
|
db_query($link, "UPDATE ttrss_users SET
|
||||||
|
@ -818,7 +818,7 @@
|
||||||
|
|
||||||
function make_password($length = 8) {
|
function make_password($length = 8) {
|
||||||
|
|
||||||
return substr(bin2hex(openssl_random_pseudo_bytes($length / 2)), 0, $length);
|
return substr(bin2hex(get_random_bytes($length / 2)), 0, $length);
|
||||||
}
|
}
|
||||||
|
|
||||||
// this is called after user is created to initialize default feeds, labels
|
// this is called after user is created to initialize default feeds, labels
|
||||||
|
@ -5398,4 +5398,17 @@
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function get_random_bytes($length) {
|
||||||
|
if (function_exists('openssl_random_pseudo_bytes')) {
|
||||||
|
return openssl_random_pseudo_bytes($length);
|
||||||
|
} else {
|
||||||
|
$output = "";
|
||||||
|
|
||||||
|
for ($i = 0; $i < $length; $i++)
|
||||||
|
$output .= chr(mt_rand(0, 255));
|
||||||
|
|
||||||
|
return $output;
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -270,7 +270,7 @@
|
||||||
|
|
||||||
$password = make_password();
|
$password = make_password();
|
||||||
|
|
||||||
$salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
|
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
|
||||||
$pwd_hash = encrypt_password($password, $salt, true);
|
$pwd_hash = encrypt_password($password, $salt, true);
|
||||||
|
|
||||||
db_query($link, "INSERT INTO ttrss_users
|
db_query($link, "INSERT INTO ttrss_users
|
||||||
|
|
Loading…
Reference in New Issue
Block a user