mirror of
https://github.com/the-djmaze/snappymail.git
synced 2024-09-20 15:45:55 +08:00
Merge pull request #1944 from Startup-Stack/secure-app-salt
Use cryptographically secure random number generator for APP_SALT whe…
commit
538312ef3e
|
@ -124,15 +124,30 @@
|
|||
unset($sCheckName, $sCheckFilePath, $sCheckFolder, $sTest);
|
||||
}
|
||||
|
||||
if (false === $sSalt)
|
||||
{
|
||||
// random salt
|
||||
$sSalt = '<'.'?php //'
|
||||
.md5(microtime(true).rand(1000, 5000))
|
||||
.md5(microtime(true).rand(5000, 9999))
|
||||
.md5(microtime(true).rand(1000, 5000));
|
||||
if (false === $sSalt) {
|
||||
if (function_exists('random_bytes'))
|
||||
{ // secure random salt
|
||||
try
|
||||
{
|
||||
$sSalt = bin2hex(random_bytes(48));
|
||||
}
|
||||
catch (\Exception $oException)
|
||||
{
|
||||
$sSalt = false;
|
||||
}
|
||||
}
|
||||
if ((false === $sSalt) && (function_exists('openssl_random_pseudo_bytes')))
|
||||
{ // not-quite as secure random salt
|
||||
$sSalt = bin2hex(openssl_random_pseudo_bytes(48));
|
||||
}
|
||||
if (false === $sSalt)
|
||||
{ // pseudo-random salt
|
||||
$sSalt = md5(microtime(true).rand(1000, 5000))
|
||||
.md5(microtime(true).rand(5000, 9999))
|
||||
.md5(microtime(true).rand(1000, 5000));
|
||||
}
|
||||
|
||||
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', $sSalt);
|
||||
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', '<'.'?php //'.$sSalt);
|
||||
}
|
||||
|
||||
define('APP_SALT', md5($sSalt.APP_PRIVATE_DATA_NAME.$sSalt));
|
||||
|
|
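Review bot: The `openssl_random_pseudo_bytes(48)` fallback is unchecked: on older PHP versions where that call returns `false` instead of throwing, `bin2hex(false)` yields `''`, the following `false === $sSalt` test no longer matches, and an empty salt is written, leaving `APP_SALT` equal to `md5(APP_PRIVATE_DATA_NAME)`. Where the call throws instead, the exception is uncaught because the `try` wraps only `random_bytes`. Guard the result, e.g. `$sBytes = openssl_random_pseudo_bytes(48, $bStrong); $sSalt = (false !== $sBytes && $bStrong) ? bin2hex($sBytes) : false;`, inside its own try/catch. Separately, the in-memory `$sSalt` no longer carries the `'<'.'?php //'` prefix that is written to SALT.php; if the loader above this hunk reads the file back verbatim (not visible here), the first request would derive a different `APP_SALT` than later ones. The last-resort `md5(microtime(true).rand(...))` branch still produces a guessable salt silently, so logging or failing closed there would be safer.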