Merge branch 'pr/1316' into develop

bnu 2015-03-10 12:40:18 +09:00
commit aaac84ec7e


@ -229,7 +229,18 @@ class Password
public function createSecureSalt($length, $format = 'hex') public function createSecureSalt($length, $format = 'hex')
{ {
// Find out how many bytes of entropy we really need // Find out how many bytes of entropy we really need
$entropy_required_bytes = ceil(($format === 'hex') ? ($length / 2) : ($length * 3 / 4)); switch($format)
{
case 'hex':
$entropy_required_bytes = ceil($length / 2);
break;
case 'alnum':
case 'printable':
$entropy_required_bytes = ceil($length * 3 / 4);
break;
default:
$entropy_required_bytes = $length;
}
// Cap entropy to 256 bits from any one source, because anything more is meaningless // Cap entropy to 256 bits from any one source, because anything more is meaningless
$entropy_capped_bytes = min(32, $entropy_required_bytes); $entropy_capped_bytes = min(32, $entropy_required_bytes);
@ -271,24 +282,24 @@ class Password
} }
// Encode and return the random string // Encode and return the random string
if($format === 'hex') switch($format)
{ {
return substr(bin2hex($output), 0, $length); case 'hex':
} return substr(bin2hex($output), 0, $length);
elseif($format === 'printable') case 'binary':
{ return substr($output, 0, $length);
$salt = ''; case 'printable':
for($i = 0; $i < $length; $i++) $salt = '';
{ for($i = 0; $i < $length; $i++)
$salt .= chr(33 + (crc32(sha1($i . $output)) % 94)); {
} $salt .= chr(33 + (crc32(sha1($i . $output)) % 94));
return $salt; }
} return $salt;
else case 'alnum':
{ default:
$salt = substr(base64_encode($output), 0, $length); $salt = substr(base64_encode($output), 0, $length);
$replacements = chr(rand(65, 90)) . chr(rand(97, 122)) . rand(0, 9); $replacements = chr(rand(65, 90)) . chr(rand(97, 122)) . rand(0, 9);
return strtr($salt, '+/=', $replacements); return strtr($salt, '+/=', $replacements);
} }
} }
@ -301,8 +312,8 @@ class Password
{ {
while(true) while(true)
{ {
$source = $this->createSecureSalt(128, 'printable'); $source = base64_encode($this->createSecureSalt(64, 'binary'));
$source = preg_replace('/[iIoOjl10\'"!?<>\(\)\{\}\[\]:;.,`\\\\]/', '', $source); $source = strtr($source, 'iIoOjl10/', '@#$%&*-!?');
$source_length = strlen($source); $source_length = strlen($source);
for($i = 0; $i < $source_length - $length; $i++) for($i = 0; $i < $source_length - $length; $i++)
{ {
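Review bot: In the last hunk, `base64_encode()` of a 64-byte string always ends in `==`, and the new `strtr()` map leaves `=` untouched, so the final two characters of `$source` are constant rather than random. With the bound `$i < $source_length - $length`, the last candidate window reaches the first `=`, assuming the loop body (which continues outside this hunk) takes `$length` characters starting at `$i`. Requesting a multiple of three bytes, e.g. `$source = base64_encode($this->createSecureSalt(66, 'binary'));`, or applying `rtrim($source, '=')` before `strlen()`, removes the fixed tail. It is also worth confirming that `$output` holds at least `$length` bytes for the new `'binary'` format, because `substr($output, 0, $length)` silently returns fewer bytes otherwise and the code that fills `$output` is not shown in the diff.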