27,31 → 27,6 |
|
// Useful functions |
|
public static function getRandomBytes($len) { |
if (function_exists('openssl_random_pseudo_bytes')) { |
$a = openssl_random_pseudo_bytes($len); |
if ($a) return $a; |
} |
|
if (function_exists('mcrypt_create_iv')) { |
$a = bin2hex(mcrypt_create_iv($len)); |
if ($a) return $a; |
} |
|
if (function_exists('random_bytes')) { |
$a = random_bytes($len); |
if ($a) return $a; |
} |
|
// Fallback to non-secure RNG |
$a = ''; |
while (strlen($a) < $len*2) { |
$a .= sha1(uniqid((string)mt_rand(), true)); |
} |
$a = substr($a, 0, $len*2); |
return hex2bin($a); |
} |
|
private static function raPepperProcessing(string $password): string { |
// Additional feature: Pepper |
// The pepper is stored inside the base configuration file |
351,7 → 326,7 |
} |
|
public function genCSRFToken() { |
return bin2hex(self::getRandomBytes(64)); |
return bin2hex(random_bytes_ex(64)); |
} |
|
public function checkCSRF() { |
384,3 → 359,4 |
/* Nothing here; the admin password will be generated in setup_base.js , purely in the web-browser */ |
|
} |
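Review bot: In the second hunk, `genCSRFToken()` now relies entirely on `random_bytes_ex()`, which is not defined in the lines shown, so the token's unpredictability depends on that helper failing closed rather than degrading to a non-cryptographic source such as the `mt_rand()`/`uniqid()` fallback removed in the first hunk. I would state that requirement at the call site, e.g. `// random_bytes_ex() must throw when no CSPRNG is available; a CSRF token must never come from a weak RNG`, and confirm the helper really behaves that way. The method could also declare its return type, `public function genCSRFToken(): string {`, to match the typed signature of `raPepperProcessing()`. Because the removed `getRandomBytes()` was `public static`, any callers outside this file would need the same migration; none are visible on this page.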
|