Time to roll the dice and see what number comes up :)
[Replace calls to rand/mt_rand in certain places with an alternative method] git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5589 89ea8834-ac86-4346-8a33-228a782c2dd0
parent
e5f594466d
commit
c3c7a5f332
9 changed files with 45 additions and 32 deletions
|
@ -170,6 +170,7 @@ $theme = array();
|
||||||
$images = array();
|
$images = array();
|
||||||
$lang = array();
|
$lang = array();
|
||||||
$nav_links = array();
|
$nav_links = array();
|
||||||
|
$dss_seeded = false;
|
||||||
$gen_simple_header = FALSE;
|
$gen_simple_header = FALSE;
|
||||||
|
|
||||||
include($phpbb_root_path . 'config.'.$phpEx);
|
include($phpbb_root_path . 'config.'.$phpEx);
|
||||||
|
|
|
@ -235,7 +235,7 @@ function make_bbcode_uid()
|
||||||
{
|
{
|
||||||
// Unique ID for this message..
|
// Unique ID for this message..
|
||||||
|
|
||||||
$uid = md5(mt_rand());
|
$uid = dss_rand();
|
||||||
$uid = substr($uid, 0, BBCODE_UID_LEN);
|
$uid = substr($uid, 0, BBCODE_UID_LEN);
|
||||||
|
|
||||||
return $uid;
|
return $uid;
|
||||||
|
|
|
@ -139,6 +139,37 @@ function phpbb_rtrim($str, $charlist = false)
|
||||||
return $str;
|
return $str;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Our own generator of random values
|
||||||
|
* This uses a constantly changing value as the base for generating the values
|
||||||
|
* The board wide setting is updated once per page if this code is called
|
||||||
|
* With thanks to Anthrax101 for the inspiration on this one
|
||||||
|
* Added in phpBB 2.0.20
|
||||||
|
*/
|
||||||
|
function dss_rand()
|
||||||
|
{
|
||||||
|
global $db, $board_config, $dss_seeded;
|
||||||
|
|
||||||
|
$val = $board_config['rand_seed'] . microtime();
|
||||||
|
$val = md5($val);
|
||||||
|
$board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
|
||||||
|
|
||||||
|
if($seeded !== true)
|
||||||
|
{
|
||||||
|
$sql = "UPDATE " . CONFIG_TABLE . " SET
|
||||||
|
config_value = '" . $board_config['rand_seed'] . "'
|
||||||
|
WHERE config_name = 'rand_seed'";
|
||||||
|
|
||||||
|
if( !$db->sql_query($sql) )
|
||||||
|
{
|
||||||
|
message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
|
||||||
|
}
|
||||||
|
|
||||||
|
$dss_seeded = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return substr($val, 16);
|
||||||
|
}
|
||||||
//
|
//
|
||||||
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
|
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.
|
||||||
//
|
//
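Review bot: The once-per-page guard in dss_rand() tests `$seeded`, which is never defined in the function; the global that is declared and later set is `$dss_seeded`, so the condition is always true and the `UPDATE` of `rand_seed` runs on every call instead of once per page as the docblock says. The guard should read `if ($dss_seeded !== true)`. The docblock should also state that the return value is the last 16 hex characters of an MD5 digest (64 bits), because callers in this commit slice it by position. The value is derived only from the stored seed and `microtime()`, so it stays unpredictable only while the seed row is secret; on PHP versions that provide `random_bytes()`, that is the better source for session IDs and login keys.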
|
||||||
|
|
|
@ -177,9 +177,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||||
AND session_ip = '$user_ip'";
|
AND session_ip = '$user_ip'";
|
||||||
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
|
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
|
||||||
{
|
{
|
||||||
list($sec, $usec) = explode(' ', microtime());
|
$session_id = md5(dss_rand);
|
||||||
mt_srand((float) $sec + ((float) $usec * 100000));
|
|
||||||
$session_id = md5(uniqid(mt_rand(), true));
|
|
||||||
|
|
||||||
$sql = "INSERT INTO " . SESSIONS_TABLE . "
|
$sql = "INSERT INTO " . SESSIONS_TABLE . "
|
||||||
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
|
(session_id, session_user_id, session_start, session_time, session_ip, session_page, session_logged_in, session_admin)
|
||||||
|
@ -212,9 +210,7 @@ function session_begin($user_id, $user_ip, $page_id, $auto_create = 0, $enable_a
|
||||||
//
|
//
|
||||||
if ($enable_autologin)
|
if ($enable_autologin)
|
||||||
{
|
{
|
||||||
list($sec, $usec) = explode(' ', microtime());
|
$auto_login_key = dss_rand() . dss_rand();
|
||||||
mt_srand(hexdec(substr($session_id, 0, 8)) + (float) $sec + ((float) $usec * 1000000));
|
|
||||||
$auto_login_key = uniqid(mt_rand(), true);
|
|
||||||
|
|
||||||
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
|
if (isset($sessiondata['autologinid']) && (string) $sessiondata['autologinid'] != '')
|
||||||
{
|
{
|
||||||
|
@ -517,9 +513,7 @@ function session_reset_keys($user_id, $user_ip)
|
||||||
|
|
||||||
if ( !empty($key_sql) )
|
if ( !empty($key_sql) )
|
||||||
{
|
{
|
||||||
list($sec, $usec) = explode(' ', microtime());
|
$auto_login_key = dss_rand() . dss_rand();
|
||||||
mt_srand(hexdec(substr($userdata['session_id'], 0, 8)) + (float) $sec + ((float) $usec * 1000000));
|
|
||||||
$auto_login_key = uniqid(mt_rand(), true);
|
|
||||||
|
|
||||||
$current_time = time();
|
$current_time = time();
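Review bot: In the first session_begin hunk the new line `$session_id = md5(dss_rand);` is missing the call parentheses, so PHP reads `dss_rand` as an undefined constant instead of calling the function. On PHP versions that fall back to the bare string, every new session ID becomes the same fixed MD5 value, and on PHP 8 the line is a fatal error; it should be `$session_id = md5(dss_rand());`. The two `$auto_login_key = dss_rand() . dss_rand();` lines call the function correctly. A test that creates two sessions and asserts that their IDs differ would catch this. session_begin and session_reset_keys both continue outside the hunks shown.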
|
||||||
|
|
||||||
|
|
|
@ -991,17 +991,10 @@ else
|
||||||
}
|
}
|
||||||
$db->sql_freeresult($result);
|
$db->sql_freeresult($result);
|
||||||
|
|
||||||
$confirm_chars = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9');
|
// Generate the required confirmation code
|
||||||
|
// NB 0 (zero) could get confused with O (the letter) so we make change it
|
||||||
list($usec, $sec) = explode(' ', microtime());
|
$code = dss_rand();
|
||||||
mt_srand($sec * $usec);
|
$code = strtoupper(str_replace('0', 'o', substr($code, 6)));
|
||||||
|
|
||||||
$max_chars = count($confirm_chars) - 1;
|
|
||||||
$code = '';
|
|
||||||
for ($i = 0; $i < 6; $i++)
|
|
||||||
{
|
|
||||||
$code .= $confirm_chars[mt_rand(0, $max_chars)];
|
|
||||||
}
|
|
||||||
|
|
||||||
$confirm_id = md5(uniqid($user_ip));
|
$confirm_id = md5(uniqid($user_ip));
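Review bot: `substr($code, 6)` drops the first six characters of the dss_rand() value and keeps the rest, so with the 16-character return visible in dss_rand() the confirmation code becomes 10 characters, where the removed loop produced 6. If six characters are intended (the storage width is not visible here), use `substr($code, 0, 6)`. The code is also drawn from 16 hex symbols instead of the previous 35, which shrinks the guess space of a six-character code from 35^6 to 16^6; either widen the alphabet again or record the trade-off in the comment. The comment text `so we make change it` should read `so we change it`.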
|
||||||
|
|
||||||
|
|
|
@ -75,6 +75,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
||||||
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');
|
||||||
|
|
||||||
/*
|
/*
|
||||||
-- Categories
|
-- Categories
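Review bot: The new `rand_seed` row is inserted with the constant value `'0'`, here and in the other two schema files in this commit, so every fresh install starts dss_rand() from the same known state and its first outputs vary only with `microtime()`. The installer should overwrite this row with a per-install random value before the board issues any session ID or login key; whether it does so is not visible in this commit. A short comment next to the row, for example `-- placeholder; replaced with a random value at install time`, would make that expectation explicit.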
|
||||||
|
|
|
@ -68,6 +68,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
||||||
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');
|
||||||
|
|
||||||
|
|
||||||
# -- Categories
|
# -- Categories
|
||||||
|
|
|
@ -69,6 +69,7 @@ INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_name', 'www
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('server_port', '80');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('script_path', '/phpBB2/');
|
||||||
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('version', '.0.20');
|
||||||
|
INSERT INTO phpbb_config (config_name, config_value) VALUES ('rand_seed', '0');
|
||||||
|
|
||||||
-- Categories
|
-- Categories
|
||||||
INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test category 1', 10);
|
INSERT INTO phpbb_categories (cat_id, cat_title, cat_order) VALUES (1, 'Test category 1', 10);
|
||||||
|
|
|
@ -60,18 +60,9 @@ $server_url = $server_protocol . $server_name . $server_port . $script_name;
|
||||||
//
|
//
|
||||||
function gen_rand_string($hash)
|
function gen_rand_string($hash)
|
||||||
{
|
{
|
||||||
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');
|
$rand_str = dss_rand();
|
||||||
|
|
||||||
$max_chars = count($chars) - 1;
|
|
||||||
srand( (double) microtime()*1000000);
|
|
||||||
|
|
||||||
$rand_str = '';
|
|
||||||
for($i = 0; $i < 8; $i++)
|
|
||||||
{
|
|
||||||
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
|
|
||||||
}
|
|
||||||
|
|
||||||
return ( $hash ) ? md5($rand_str) : $rand_str;
|
return ( $hash ) ? md5($rand_str) : substr($rand_str, 8);
|
||||||
}
|
}
|
||||||
//
|
//
|
||||||
// End page specific functions
|
// End page specific functions
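Review bot: With `$hash` false, gen_rand_string() now returns `substr($rand_str, 8)`, which is eight hexadecimal characters, where the removed loop drew eight characters from a 62-symbol alphabet; the space drops from 62^8 to 16^8 (32 bits). If the string is used as a generated password or activation key (the callers are outside the hunk), that is a noticeably weaker secret, so consider mapping the dss_rand() output back onto the wider alphabet or returning more characters. `substr($rand_str, 8)` also depends on dss_rand() returning exactly 16 characters; `substr($rand_str, 0, 8)` states the intended length directly.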
|
||||||
|
|