mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Merge pull request #1944 from Startup-Stack/secure-app-salt
Use cryptographically secure random number generator for APP_SALT whe…
This commit is contained in:
commit
538312ef3e
1 changed files with 23 additions and 8 deletions
|
|
@ -124,15 +124,30 @@
|
||||||
unset($sCheckName, $sCheckFilePath, $sCheckFolder, $sTest);
|
unset($sCheckName, $sCheckFilePath, $sCheckFolder, $sTest);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (false === $sSalt)
|
if (false === $sSalt) {
|
||||||
|
if (function_exists('random_bytes'))
|
||||||
|
{ // secure random salt
|
||||||
|
try
|
||||||
{
|
{
|
||||||
// random salt
|
$sSalt = bin2hex(random_bytes(48));
|
||||||
$sSalt = '<'.'?php //'
|
}
|
||||||
.md5(microtime(true).rand(1000, 5000))
|
catch (\Exception $oException)
|
||||||
|
{
|
||||||
|
$sSalt = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ((false === $sSalt) && (function_exists('openssl_random_pseudo_bytes')))
|
||||||
|
{ // not-quite as secure random salt
|
||||||
|
$sSalt = bin2hex(openssl_random_pseudo_bytes(48));
|
||||||
|
}
|
||||||
|
if (false === $sSalt)
|
||||||
|
{ // pseudo-random salt
|
||||||
|
$sSalt = md5(microtime(true).rand(1000, 5000))
|
||||||
.md5(microtime(true).rand(5000, 9999))
|
.md5(microtime(true).rand(5000, 9999))
|
||||||
.md5(microtime(true).rand(1000, 5000));
|
.md5(microtime(true).rand(1000, 5000));
|
||||||
|
}
|
||||||
|
|
||||||
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', $sSalt);
|
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', '<'.'?php //'.$sSalt);
|
||||||
}
|
}
|
||||||
|
|
||||||
define('APP_SALT', md5($sSalt.APP_PRIVATE_DATA_NAME.$sSalt));
|
define('APP_SALT', md5($sSalt.APP_PRIVATE_DATA_NAME.$sSalt));
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue