Use random_bytes() from PHP 7.0+ and simplify the voucher generation (#5659)
* Use random_bytes() from PHP 7.0+ * Simplify voucher generation
parent
ec5f6877f5
commit
5fd93bde41
@ -433,7 +433,7 @@ function local_user_set_password(&$user, $password = null)
|
||||
{
|
||||
if ($password == null) {
|
||||
/* generate a random password */
|
||||
$bytes = openssl_random_pseudo_bytes(50);
|
||||
$bytes = random_bytes(50);
|
||||
$password = pack('H*', bin2hex($bytes));
|
||||
}
|
||||
|
||||
|
||||
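Review bot: `pack('H*', bin2hex($bytes))` is an identity round trip, so the generated password is the 50 raw bytes from `random_bytes(50)` and can contain NUL and other non-printable bytes. How the password is hashed further down in local_user_set_password is outside this hunk; hash schemes built on C strings stop at the first NUL, which would shorten the effective secret, so that is worth confirming. If a printable value is acceptable, `$password = bin2hex(random_bytes(50));` states the intent directly and avoids the issue.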
@ -88,8 +88,8 @@ class API extends Base implements IAuthConnector
|
||||
}
|
||||
$item = $apikeys->addChild('item');
|
||||
|
||||
$newKey = base64_encode(openssl_random_pseudo_bytes(60));
|
||||
$newSecret = base64_encode(openssl_random_pseudo_bytes(60));
|
||||
$newKey = base64_encode(random_bytes(60));
|
||||
$newSecret = base64_encode(random_bytes(60));
|
||||
|
||||
$item->addChild('key', $newKey);
|
||||
$item->addChild('secret', crypt($newSecret, '$6$'));
|
||||
|
||||
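Review bot: `crypt($newSecret, '$6$')` passes only the SHA-512 scheme prefix, with no salt characters after it, so as far as this hunk shows every API secret is hashed with the same (empty) salt. With a 60-byte secret from `random_bytes()` that is unlikely to matter in practice, but the line is easy to misread as a salted password hash. A comment such as `// secret is 60 random bytes; '$6$' only selects SHA-512, no per-key salt is supplied` would record the assumption. The enclosing method starts and ends outside the hunk.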
@ -193,41 +193,10 @@ class Voucher extends Base implements IAuthConnector
|
||||
{
|
||||
$response = array();
|
||||
if ($this->dbHandle != null) {
|
||||
$characterMap = '!#$%()*+,-./0123456789:;=?@ABCDEFGHIJKLMNPQRSTUVWXYZ[\]_abcdefghijkmnopqrstuvwxyz';
|
||||
if ($this->simplePasswords) {
|
||||
// create a map of easy to read characters
|
||||
$characterMap = '';
|
||||
while (strlen($characterMap) < 256) {
|
||||
$random_bytes = openssl_random_pseudo_bytes(10000);
|
||||
for ($i = 0; $i < strlen($random_bytes); $i++) {
|
||||
$chr_ord = ord($random_bytes[$i]);
|
||||
if (
|
||||
($chr_ord >= 50 && $chr_ord <= 57) || // 2..9
|
||||
($chr_ord >= 65 && $chr_ord <= 72) || // A..H
|
||||
($chr_ord >= 74 && $chr_ord <= 78) || // J..N
|
||||
($chr_ord >= 80 && $chr_ord <= 90) || // P..Z
|
||||
($chr_ord >= 97 && $chr_ord <= 107) || // a..k
|
||||
($chr_ord >= 109 && $chr_ord <= 110) || // m..n
|
||||
($chr_ord >= 112 && $chr_ord <= 122) // p..z
|
||||
) {
|
||||
$characterMap .= $random_bytes[$i];
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// list of characters to skip for random generator
|
||||
$doNotUseChr = array('<', '>', '{', '}', '&', 'l' , 'O' ,'`', '\'', '|' ,'^', '"');
|
||||
|
||||
// create map of random readable characters
|
||||
$characterMap = '';
|
||||
while (strlen($characterMap) < 256) {
|
||||
$random_bytes = openssl_random_pseudo_bytes(10000);
|
||||
for ($i = 0; $i < strlen($random_bytes); $i++) {
|
||||
$chr_ord = ord($random_bytes[$i]);
|
||||
if ($chr_ord >= 33 && $chr_ord <= 125 && !in_array($random_bytes[$i], $doNotUseChr)) {
|
||||
$characterMap .= $random_bytes[$i];
|
||||
}
|
||||
}
|
||||
}
|
||||
// a map of easy to read characters
|
||||
$characterMap = '23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz';
|
||||
}
|
||||
|
||||
// generate new vouchers
|
||||
@ -235,14 +204,12 @@ class Voucher extends Base implements IAuthConnector
|
||||
$expirytime = $expirytime == 0 ? 0 : $expirytime + time();
|
||||
while ($vouchersGenerated < $count) {
|
||||
$generatedUsername = '';
|
||||
$random_bytes = openssl_random_pseudo_bytes($this->usernameLength);
|
||||
for ($j = 0; $j < strlen($random_bytes); $j++) {
|
||||
$generatedUsername .= $characterMap[ord($random_bytes[$j])];
|
||||
for ($j = 0; $j < $this->usernameLength; $j++) {
|
||||
$generatedUsername .= $characterMap[random_int(0, strlen($characterMap) - 1)];
|
||||
}
|
||||
$generatedPassword = '';
|
||||
$random_bytes = openssl_random_pseudo_bytes($this->passwordLength);
|
||||
for ($j = 0; $j < strlen($random_bytes); $j++) {
|
||||
$generatedPassword .= $characterMap[ord($random_bytes[$j])];
|
||||
for ($j = 0; $j < $this->passwordLength; $j++) {
|
||||
$generatedPassword .= $characterMap[random_int(0, strlen($characterMap) - 1)];
|
||||
}
|
||||
|
||||
if (!$this->userNameExists($generatedUsername)) {
|
||||
|
||||
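Review bot: The username and password loops are the same code twice and recompute `strlen($characterMap) - 1` on every iteration; a local `$maxIndex = strlen($characterMap) - 1;` set before the `while` would make the `random_int(0, $maxIndex)` bound obvious. With the fixed alphabets from the earlier hunk of this file each character is drawn uniformly, so voucher strength is `passwordLength` times the bits per character of the chosen map (the easy-to-read map has 56 characters, just under 6 bits each). Where `$this->passwordLength` and `$this->usernameLength` are validated is not visible in these hunks; a zero or very small value would yield empty or easily guessed credentials, so a lower bound is worth confirming. The enclosing method starts and ends outside the hunks.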
@ -77,7 +77,7 @@ function generate_new_duid($duid_type)
|
||||
$new_duid = $new_duid.':'.$mac;
|
||||
break;
|
||||
case '3': //UUID
|
||||
$type = "\x00\x00\x00\x04".openssl_random_pseudo_bytes(16);
|
||||
$type = "\x00\x00\x00\x04".random_bytes(16);
|
||||
for ($count = 0; $count < strlen($type); ) {
|
||||
$new_duid .= bin2hex( $type[$count]);
|
||||
$count++;
|
||||
@ -87,7 +87,7 @@ function generate_new_duid($duid_type)
|
||||
}
|
||||
break;
|
||||
case '4': //EN - Using Opnsense PEN!!!
|
||||
$type = "\x00\x02\x00\x00\xD2\x6D".openssl_random_pseudo_bytes(8);
|
||||
$type = "\x00\x02\x00\x00\xD2\x6D".random_bytes(8);
|
||||
for ($count = 0; $count < strlen($type); ) {
|
||||
$new_duid .= bin2hex( $type[$count]);
|
||||
$count++;
|
||||
|
||||
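Review bot: In `case '3'` the 16 bytes from `random_bytes(16)` are used as the UUID unchanged, so the version and variant bits of an RFC 4122 version 4 UUID are not set. If peers only treat the DUID as an opaque identifier this is harmless, but a comment such as `// 128 random bits used as the UUID; version/variant bits are not set` would make the choice explicit. The same byte-to-hex loop appears in `case '4'`; both loops continue outside the hunks shown.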
@ -342,7 +342,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
$userent['ipsecpsk'] = $pconfig['ipsecpsk'];
|
||||
if (!empty($pconfig['gen_otp_seed'])) {
|
||||
// generate 160bit base32 encoded secret
|
||||
$userent['otp_seed'] = Base32\Base32::encode(openssl_random_pseudo_bytes(20));
|
||||
$userent['otp_seed'] = Base32\Base32::encode(random_bytes(20));
|
||||
} else {
|
||||
$userent['otp_seed'] = trim($pconfig['otp_seed']);
|
||||
}
|
||||
|
||||
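Review bot: The `else` branch stores a caller-supplied seed after only `trim($pconfig['otp_seed'])`, while the generated path always yields 160 bits of Base32. Whether the supplied value is checked for the Base32 alphabet and a minimum length elsewhere in the file is not visible in this hunk; a short or malformed seed would weaken or break TOTP for that user. If no such check exists, validating before assignment, or at least a comment like `// user-supplied seed: validated as Base32 in <validation step>`, would help the next reader.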
@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
||||
|
||||
if (!empty($pconfig['request_otp_seed'])) {
|
||||
if ($user_allow_gen_token && $userFound) {
|
||||
$new_seed = Base32\Base32::encode(openssl_random_pseudo_bytes(20));
|
||||
$new_seed = Base32\Base32::encode(random_bytes(20));
|
||||
$config['system']['user'][$userindex[$username]]['otp_seed'] = $new_seed;
|
||||
write_config();
|
||||
$otp_url = "otpauth://totp/";
|
||||
|
||||
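Review bot: Rotating the seed here overwrites `otp_seed` and calls `write_config()` as soon as `request_otp_seed` is set, which invalidates the user's existing authenticator enrolment. The hunk does not show which request method or CSRF check guards this branch (the `GET` line in the hunk header is only the nearest preceding top-level statement), so that is worth confirming. A comment such as `// replaces the current seed; the previous authenticator stops working` would make the side effect explicit.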