Jeremy Newman : update generate_passwd to be stronger
Jeremy Newman
jnewman at winehq.org
Wed Jul 18 13:18:21 CDT 2018
Module: appdb
Branch: master
Commit: ca2c14ebead2840510103198f53216a5e3616208
URL: https://source.winehq.org/git/appdb.git/?a=commit;h=ca2c14ebead2840510103198f53216a5e3616208
Author: Jeremy Newman <jnewman at codeweavers.com>
Date: Wed Jul 18 13:12:38 2018 -0500
update generate_passwd to be stronger
mt_rand in PHP is not considered to be cryptographically strong
use openssl_random_pseudo_bytes instead
---
include/user.php | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/include/user.php b/include/user.php
index 5a4b428..6626b0e 100644
--- a/include/user.php
+++ b/include/user.php
@@ -417,16 +417,16 @@ class User {
/**
* Creates a new random password.
*/
- public static function generate_passwd($pass_len = 10)
+ public static function generate_passwd($pass_len = 20)
{
- $nps = "";
- mt_srand ((double) microtime() * 1000000);
- while (strlen($nps)<$pass_len)
- {
- $c = chr(mt_rand (0,255));
- if (preg_match("/[a-zA-Z0-9]/", $c)) $nps = $nps.$c;
+ $alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+ $alphanum_length = strlen($alphanum);
+ $random = openssl_random_pseudo_bytes($pass_len);
+ $passwd = '';
+ for ($i = 0; $i < $pass_len; ++$i) {
+ $passwd .= $alphanum[ord($random[$i]) % $alphanum_length];
}
- return ($nps);
+ return $passwd;
}
/**
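Review bot: The return value of `openssl_random_pseudo_bytes($pass_len)` in the new `generate_passwd` body is used unchecked, and older PHP versions return false on failure rather than throwing. In that case each `ord($random[$i])` would evaluate to 0, and the function would silently hand back a password consisting only of 'A'. The `% $alphanum_length` mapping is also slightly non-uniform: 256 is not a multiple of 62, so the first eight characters of `$alphanum` are chosen more often than the rest. If the deployment runs PHP 7 or later, `$passwd .= $alphanum[random_int(0, $alphanum_length - 1)];` addresses both points, since random_int() is uniform and throws when no secure source is available. Otherwise, pass the second `$crypto_strong` argument and abort when the result is false or not reported as strong.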