Fallback for systems without openssl
parent
992c2c9d4b
commit
ef57e9294b
|
@ -13,7 +13,7 @@ require_once '../../lib/base.php';
|
||||||
// Someone lost their password:
|
// Someone lost their password:
|
||||||
if (isset($_POST['user'])) {
|
if (isset($_POST['user'])) {
|
||||||
if (OC_User::userExists($_POST['user'])) {
|
if (OC_User::userExists($_POST['user'])) {
|
||||||
$token = hash("sha256", $_POST['user'].openssl_random_pseudo_bytes(10, $cstrong));
|
$token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(10));
|
||||||
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
|
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
|
||||||
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
||||||
if (!empty($email)) {
|
if (!empty($email)) {
|
||||||
|
|
|
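Review bot: The lost-password token now gets less randomness than before, because `OC_Util::generate_random_bytes(10)` returns 10 characters rather than 10 bytes. On the openssl path the helper truncates the hex string to `$length`, so 5 random bytes replace the 10 that the removed call supplied, and the user name hashed alongside them is known to whoever submits the form. Asking for more characters restores the margin, e.g. `$token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(32));`. The same halving applies to the salt in OC_Setup, where `generate_random_bytes(30)` now stores 30 hex characters instead of 60; `generate_random_bytes(60)` would keep the previous length. The enclosing `if` blocks continue outside this hunk.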
@ -79,8 +79,7 @@ class OC_Setup {
|
||||||
}
|
}
|
||||||
|
|
||||||
//generate a random salt that is used to salt the local user passwords
|
//generate a random salt that is used to salt the local user passwords
|
||||||
$random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
|
$salt = OC_Util::generate_random_bytes(30);
|
||||||
$salt = bin2hex($random_bytes);
|
|
||||||
OC_Config::setValue('passwordsalt', $salt);
|
OC_Config::setValue('passwordsalt', $salt);
|
||||||
|
|
||||||
//write the config file
|
//write the config file
|
||||||
|
|
30
lib/util.php
30
lib/util.php
|
@ -437,9 +437,7 @@ class OC_Util {
|
||||||
*/
|
*/
|
||||||
public static function callRegister() {
|
public static function callRegister() {
|
||||||
// generate a random token.
|
// generate a random token.
|
||||||
$bytes = openssl_random_pseudo_bytes(10, $cstrong);
|
$token = self::generate_random_bytes(20);
|
||||||
$hex = bin2hex($bytes);
|
|
||||||
$token = $hex;
|
|
||||||
|
|
||||||
// store the token together with a timestamp in the session.
|
// store the token together with a timestamp in the session.
|
||||||
$_SESSION['requesttoken-'.$token]=time();
|
$_SESSION['requesttoken-'.$token]=time();
|
||||||
|
@ -550,4 +548,30 @@ class OC_Util {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
|
||||||
|
* Inspired by gorgo on php.net
|
||||||
|
* @param Int with the length of the random
|
||||||
|
* @return String with the random bytes
|
||||||
|
*/
|
||||||
|
public static function generate_random_bytes($length = 30) {
|
||||||
|
if(function_exists('openssl_random_pseudo_bytes')) {
|
||||||
|
$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
|
||||||
|
if($strong == TRUE) {
|
||||||
|
return substr($pseudo_byte, 0, $length); // Truncate it to match the length
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// fallback to mt_rand()
|
||||||
|
$characters = '0123456789';
|
||||||
|
$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
|
||||||
|
$charactersLength = strlen($characters)-1;
|
||||||
|
$pseudo_byte = "";
|
||||||
|
|
||||||
|
// Select some random characters
|
||||||
|
for ($i = 0; $i < $length; $i++) {
|
||||||
|
$pseudo_byte .= $characters[mt_rand(0, $charactersLength)];
|
||||||
|
}
|
||||||
|
return $pseudo_byte;
|
||||||
|
}
|
||||||
}
|
}
|
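Review bot: The fallback in `generate_random_bytes()` builds its result from `mt_rand()`, which is not a cryptographic generator, and the same branch is reached silently whenever openssl reports `$strong` as false. The callers changed in this commit use the value for the lost-password token, the password salt and the request token, so a predictable fallback weakens all three. The fallback should draw from a strong source where the runtime provides one (for example `random_bytes()`, if the supported PHP versions include it) and otherwise fail rather than return guessable output. The openssl branch also requests `$length` bytes and discards half of the hex, and the `/*` docblock describes "random bytes" while the function returns `$length` characters whose alphabet differs between the two paths. The docblock should open with `/**` and state that a string of `$length` characters is returned.

```php
public static function generate_random_bytes($length = 30) {
	// Two hex characters per byte, so ask only for the bytes that are returned.
	$byteCount = (int) ceil($length / 2);
	if (function_exists('random_bytes')) {
		return substr(bin2hex(random_bytes($byteCount)), 0, $length);
	}
	if (function_exists('openssl_random_pseudo_bytes')) {
		$raw = openssl_random_pseudo_bytes($byteCount, $strong);
		if ($raw !== false && $strong === true) {
			return substr(bin2hex($raw), 0, $length);
		}
	}
	// No strong source: fail closed instead of returning mt_rand() output.
	throw new Exception('No cryptographically secure random source available');
}
```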