generate unpredictable unique session ids
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -363,6 +363,30 @@ class FroxlorInstall
|
||||
return $content;
|
||||
}
|
||||
|
||||
/**
|
||||
* generate safe unique token
|
||||
*
|
||||
* @param int $length
|
||||
* @return string
|
||||
*/
|
||||
private function genUniqueToken(int $length = 16)
|
||||
{
|
||||
if(!isset($length) || intval($length) <= 8 ){
|
||||
$length = 16;
|
||||
}
|
||||
if (function_exists('random_bytes')) {
|
||||
return bin2hex(random_bytes($length));
|
||||
}
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
|
||||
}
|
||||
if (function_exists('openssl_random_pseudo_bytes')) {
|
||||
return bin2hex(openssl_random_pseudo_bytes($length));
|
||||
}
|
||||
// if everything else fails, use unsafe fallback
|
||||
return md5(uniqid(microtime(), 1));
|
||||
}
|
||||
|
||||
/**
|
||||
* create corresponding entries in froxlor database
|
||||
*
|
||||
@@ -406,8 +430,8 @@ class FroxlorInstall
|
||||
$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
|
||||
$ins_data = array(
|
||||
'loginname' => $this->_data['admin_user'],
|
||||
/* use SHA256 default crypt */
|
||||
'password' => crypt($this->_data['admin_pass1'], '$5$' . md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
|
||||
/* use SHA256 default crypt */
|
||||
'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
|
||||
'email' => 'admin@' . $this->_data['servername'],
|
||||
'deflang' => $this->_languages[$this->_activelng]
|
||||
);
|
||||
|
||||
Reference in New Issue
Block a user