kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

same random system everywhere : mt_rand()

This commit is contained in:
Benjamin Sonntag 2016-05-22 17:40:57 +02:00
parent 396f8c2598
commit de5837750e
5 changed files with 16 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bureau/class/config.php
View File

@ -78,7 +78,7 @@ if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
// proper srand (not using time(), which is what PHP does!) // proper srand (not using time(), which is what PHP does!)
list($usec, $sec) = explode(" ", microtime()); list($usec, $sec) = explode(" ", microtime());
srand($usec * 1000000); mt_srand($usec * 1000000);
$help_baseurl = "http://www.aide-alternc.org/"; $help_baseurl = "http://www.aide-alternc.org/";

23
bureau/class/functions.php
View File

@ -24,10 +24,6 @@
---------------------------------------------------------------------- ----------------------------------------------------------------------
*/ */
/* seed the random number generator : */
list($usec, $sec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
/** /**
* Format a field value for input or textarea : * Format a field value for input or textarea :
* *
@ -854,11 +850,12 @@ function create_pass($length = 8) {
* @return int * @return int
*/ */
function display_div_generate_password($pass_size = DEFAULT_PASS_SIZE, $fields_to_fill1 = "", $fields_to_fill2 = "") { function display_div_generate_password($pass_size = DEFAULT_PASS_SIZE, $fields_to_fill1 = "", $fields_to_fill2 = "") {
$id = rand(1, 1000); static $id=1;
echo "<div id='z$id' style='display:none;'><a href=\"javascript:generate_password_html('$id',$pass_size,'$fields_to_fill1','$fields_to_fill2');\">"; echo "<div id='z$id' style='display:none;'><a href=\"javascript:generate_password_html('$id',$pass_size,'$fields_to_fill1','$fields_to_fill2');\">";
__("Clic here to generate a password"); __("Clic here to generate a password");
echo "</a></div>"; echo "</a></div>";
echo "<script type='text/javascript'>$('#z$id').show();</script>"; echo "<script type='text/javascript'>$('#z$id').show();</script>";
$id++;
return 0; return 0;
} }
@ -872,7 +869,9 @@ function display_div_generate_password($pass_size = DEFAULT_PASS_SIZE, $fields_t
*/ */
function display_browser($dir = "", $caller = "main.dir", $width = 350, $height = 450) { function display_browser($dir = "", $caller = "main.dir", $width = 350, $height = 450) {
// Browser id // Browser id
$bid = "b" . rand(1, 1000); static $id=0;
$id++;
$bid = "b" . $id;
echo "<script type=\"text/javascript\"> echo "<script type=\"text/javascript\">
<!-- <!--
$(function() { $(function() {
@ -1084,10 +1083,10 @@ function csrf_get($return=false) {
global $db; global $db;
static $token=""; static $token="";
if (!isset($_SESSION["csrf"])) { if (!isset($_SESSION["csrf"])) {
$_SESSION["csrf"]=md5(rand().rand().rand()); $_SESSION["csrf"]=md5(mt_rand().mt_rand().mt_rand());
} }
if ($token=="") { if ($token=="") {
$token=md5(rand().rand().rand()); $token=md5(mt_rand().mt_rand().mt_rand());
$db->query("INSERT INTO csrf SET cookie=?, token=?, created=NOW(), used=0;",array($_SESSION["csrf"],$token)); $db->query("INSERT INTO csrf SET cookie=?, token=?, created=NOW(), used=0;",array($_SESSION["csrf"],$token));
} }
if ($return) if ($return)
@ -1111,13 +1110,9 @@ function csrf_check($token=null) {
$err->raise("functions", _("The posted form token is incorrect. Maybe you need to allow cookies")); $err->raise("functions", _("The posted form token is incorrect. Maybe you need to allow cookies"));
return 0; // no csrf cookie :/ return 0; // no csrf cookie :/
} }
if (!preg_match('#^[0-9a-f]{32}$#',$token)) { if (strlen($token)!=32 || strlen($_SESSION["csrf"])!=32) {
$err->raise("functions", _("The posted form token is invalid"));
return 0; // invalid csrf token
}
if (!preg_match('#^[0-9a-f]{32}$#',$_SESSION["csrf"])) {
unset($_SESSION["csrf"]); unset($_SESSION["csrf"]);
$err->raise("functions", _("Your cookie is invalid")); $err->raise("functions", _("Your cookie or token is invalid"));
return 0; // invalid csrf cookie return 0; // invalid csrf cookie
} }
$db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token)); $db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));

2
bureau/class/m_bro.php
View File

@ -480,7 +480,7 @@ class m_bro {
$err->raise("bro", _("File or folder name is incorrect")); $err->raise("bro", _("File or folder name is incorrect"));
return false; return false;
} }
$alea = "." . time() . rand(1000, 9999); $alea = "." . time() . mt_rand(1000, 9999);
for ($i = 0; $i < count($old); $i++) { for ($i = 0; $i < count($old); $i++) {
$old[$i] = ssla($old[$i]); // strip slashes if needed $old[$i] = ssla($old[$i]); // strip slashes if needed
$new[$i] = ssla($new[$i]); $new[$i] = ssla($new[$i]);

8
bureau/class/m_mem.php
View File

@ -153,7 +153,7 @@ class m_mem {
setcookie('oldid', '', 0, '/'); setcookie('oldid', '', 0, '/');
} }
/* Open the session : */ /* Open the session : */
$sess = md5(uniqid(mt_rand())); $sess = md5(mt_rand().mt_rand().mt_rand());
$_REQUEST["session"] = $sess; $_REQUEST["session"] = $sess;
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid)); $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
setcookie("session", $sess, 0, "/"); setcookie("session", $sess, 0, "/");
@ -192,7 +192,7 @@ class m_mem {
$mysql->reload_dbus(); $mysql->reload_dbus();
$ip = get_remote_ip(); $ip = get_remote_ip();
$sess = md5(uniqid(mt_rand())); $sess = md5(mt_rand().mt_rand().mt_rand());
$_REQUEST["session"] = $sess; $_REQUEST["session"] = $sess;
$db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid)); $db->query("insert into sessions (sid,ip,uid) values (?, ?, ?);", array($sess, $ip, $cuid));
setcookie("session", $sess, 0, "/"); setcookie("session", $sess, 0, "/");
@ -516,9 +516,9 @@ Cordially.
$db->next_record(); $db->next_record();
// un cookie de 20 caract<63>res pour le mail // un cookie de 20 caract<63>res pour le mail
$COOKIE = substr(md5(uniqid(rand(), true)), 0, 20); $COOKIE = substr(md5(mt_rand().mt_rand()), 0, 20);
// et de 6 pour la cl<63> <20> entrer. ca me semble suffisant... // et de 6 pour la cl<63> <20> entrer. ca me semble suffisant...
$KEY = substr(md5(uniqid(rand(), true)), 0, 6); $KEY = substr(md5(mt_rand().mt_rand()), 0, 6);
$link = "https://$L_FQDN/mem_cm.php?usr=$cuid&cookie=$COOKIE"; $link = "https://$L_FQDN/mem_cm.php?usr=$cuid&cookie=$COOKIE";
$txt = sprintf(_("Hello, $txt = sprintf(_("Hello,

2
lib/Alternc/Api/Token.php
View File

@ -122,7 +122,7 @@ class Alternc_Api_Token {
$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$s = ""; $s = "";
for ($i = 0; $i < 32; $i++) for ($i = 0; $i < 32; $i++)
$s.=substr($chars, rand(0, 61), 1); $s.=substr($chars, mt_rand(0, 61), 1);
return $s; return $s;
} }