[ticket/9612] Introduce new function gen_rand_string_friendly().

Introduce new function gen_rand_string_friendly() for user friendly random
strings like passwords and captcha codes. Strings generated by
gen_rand_string_friendly() will not contain the characters 0 and O.

By adding a new function we can increase the entropy of strings
generated by gen_rand_string() by putting 0 and O back in.

PHPBB3-9612
Andreas Fischer 2010-05-17 09:40:32 +02:00
parent af21e38c1d
commit c2b29c317f
3 changed files with 22 additions and 5 deletions


@ -59,7 +59,7 @@ class phpbb_default_captcha
{ {
global $user; global $user;
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
$this->seed = hexdec(substr(unique_id(), 4, 10)); $this->seed = hexdec(substr(unique_id(), 4, 10));
// compute $seed % 0x7fffffff // compute $seed % 0x7fffffff
@ -235,7 +235,7 @@ class phpbb_default_captcha
{ {
global $db, $user; global $db, $user;
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
$this->confirm_id = md5(unique_id($user->ip)); $this->confirm_id = md5(unique_id($user->ip));
$this->seed = hexdec(substr(unique_id(), 4, 10)); $this->seed = hexdec(substr(unique_id(), 4, 10));
$this->solved = 0; $this->solved = 0;
@ -259,7 +259,7 @@ class phpbb_default_captcha
{ {
global $db, $user; global $db, $user;
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
$this->seed = hexdec(substr(unique_id(), 4, 10)); $this->seed = hexdec(substr(unique_id(), 4, 10));
$this->solved = 0; $this->solved = 0;
// compute $seed % 0x7fffffff // compute $seed % 0x7fffffff
@ -281,7 +281,7 @@ class phpbb_default_captcha
{ {
global $db, $user; global $db, $user;
$this->code = gen_rand_string(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS)); $this->code = gen_rand_string_friendly(mt_rand(CAPTCHA_MIN_CHARS, CAPTCHA_MAX_CHARS));
$this->seed = hexdec(substr(unique_id(), 4, 10)); $this->seed = hexdec(substr(unique_id(), 4, 10));
$this->solved = 0; $this->solved = 0;
// compute $seed % 0x7fffffff // compute $seed % 0x7fffffff


@ -195,10 +195,27 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
/** /**
* Generates an alphanumeric random string of given length * Generates an alphanumeric random string of given length
*
* @return string
*/ */
function gen_rand_string($num_chars = 8) function gen_rand_string($num_chars = 8)
{
// [a, z] + [0, 9] = 36
return strtoupper(base_convert(unique_id(), 16, 36));
}
/**
* Generates a user-friendly alphanumeric random string of given length
* We remove 0 and O so users cannot confuse those in passwords etc.
*
* @return string
*/
function gen_rand_string_friendly($num_chars = 8)
{ {
$rand_str = unique_id(); $rand_str = unique_id();
// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34))); $rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
return substr($rand_str, 0, $num_chars); return substr($rand_str, 0, $num_chars);
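Review bot: The rewritten `gen_rand_string()` no longer uses `$num_chars`: on the new side its whole body is `return strtoupper(base_convert(unique_id(), 16, 36));`, so callers get the full-length string whatever length they asked for, while the docblock still promises a string "of given length". The activation-key call `gen_rand_string(mt_rand(6, 10))` in ucp_remind is one caller shown in this commit that would be affected. Restoring the truncation keeps the contract: `return substr(strtoupper(base_convert(unique_id(), 16, 36)), 0, $num_chars);`. Both docblocks would also benefit from a `@param int $num_chars` line that states the largest length the helper can actually return. The body of `gen_rand_string_friendly()` closes outside this hunk.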


@ -79,7 +79,7 @@ class ucp_remind
// Make password at least 8 characters long, make it longer if admin wants to. // Make password at least 8 characters long, make it longer if admin wants to.
// gen_rand_string() however has a limit of 12 or 13. // gen_rand_string() however has a limit of 12 or 13.
$user_password = gen_rand_string(max(8, rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars']))); $user_password = gen_rand_string_friendly(max(8, mt_rand((int) $config['min_pass_chars'], (int) $config['max_pass_chars'])));
// For the activation key a random length between 6 and 10 will do. // For the activation key a random length between 6 and 10 will do.
$user_actkey = gen_rand_string(mt_rand(6, 10)); $user_actkey = gen_rand_string(mt_rand(6, 10));
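Review bot: The comment above the `$user_password` line still names `gen_rand_string()` although the call is now `gen_rand_string_friendly()`, and the length limit it mentions is not enforced anywhere: the helper ends in `substr($rand_str, 0, $num_chars)`, so a `min_pass_chars` above that limit would presumably produce a password shorter than the configured policy without any error. Update the comment to `// gen_rand_string_friendly() however has a limit of 12 or 13.` and consider clamping the requested length, or checking the returned length, before the password is stored and mailed. Separately, the password's randomness rests on `base_convert()` over `unique_id()`; PHP documents that `base_convert()` can lose precision on large numbers because it goes through a float, so the strength of the result is worth confirming against what `unique_id()` returns (not visible here). The surrounding function starts and ends outside this hunk.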