diff --git a/rainloop/v/0.0.0/include.php b/rainloop/v/0.0.0/include.php index 5b51731dd..9d7fdc2e9 100644 --- a/rainloop/v/0.0.0/include.php +++ b/rainloop/v/0.0.0/include.php @@ -124,15 +124,30 @@ unset($sCheckName, $sCheckFilePath, $sCheckFolder, $sTest); } - if (false === $sSalt) - { - // random salt - $sSalt = '<'.'?php //' - .md5(microtime(true).rand(1000, 5000)) - .md5(microtime(true).rand(5000, 9999)) - .md5(microtime(true).rand(1000, 5000)); + if (false === $sSalt) { + if (function_exists('random_bytes')) + { // secure random salt + try + { + $sSalt = bin2hex(random_bytes(48)); + } + catch (\Exception $oException) + { + $sSalt = false; + } + } + if ((false === $sSalt) && (function_exists('openssl_random_pseudo_bytes'))) + { // not-quite as secure random salt + $sSalt = bin2hex(openssl_random_pseudo_bytes(48)); + } + if (false === $sSalt) + { // pseudo-random salt + $sSalt = md5(microtime(true).rand(1000, 5000)) + .md5(microtime(true).rand(5000, 9999)) + .md5(microtime(true).rand(1000, 5000)); + } - @file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', $sSalt); + @file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', '<'.'?php //'.$sSalt); } define('APP_SALT', md5($sSalt.APP_PRIVATE_DATA_NAME.$sSalt));