[evolvis-commits] r16952: Use util_rand{num, bytes}() when appropriate

mirabilos at evolvis.org mirabilos at evolvis.org
Tue Mar 1 01:53:16 CET 2011


Author: mirabilos
Date: 2011-03-01 01:53:16 +0100 (Tue, 01 Mar 2011)
New Revision: 16952

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/include/Group.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
   trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php
   trunk/gforge_base/evolvisforge-5.1/src/common/include/forms.php
   trunk/gforge_base/evolvisforge-5.1/src/common/mail/MailingList.class.php
   trunk/gforge_base/evolvisforge-5.1/src/cronjobs/forum_gateway.php
   trunk/gforge_base/evolvisforge-5.1/src/cronjobs/tracker_gateway.php
   trunk/gforge_base/evolvisforge-5.1/src/www/account/lostpw.php
   trunk/gforge_base/evolvisforge-5.1/src/www/pm/ganttpage.php
   trunk/gforge_base/evolvisforge-5.1/src/www/project/admin/project_admin_utils.php
   trunk/gforge_base/evolvisforge-5.1/src/www/soap/nusoap.php
Log:
Use util_rand{num,bytes}() when appropriate

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/Group.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/Group.class.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/Group.class.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -318,9 +318,6 @@
 			return false;
 		} else {
 
-			srand((double)microtime()*1000000);
-			$random_num = rand(0,1000000);
-	
 			db_begin();
 	
 			$res = db_query_params ('
@@ -353,7 +350,7 @@
 						       htmlspecialchars($purpose),
 						       time(),
 						       $is_public,
-						       md5($random_num),
+						       md5(util_randbytes()),
 						       $built_from_template)) ;
 			if (!$res || db_affected_rows($res) < 1) {
 				$this->setError(sprintf(_('ERROR: Could not create group: %s'),db_error()));

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/User.class.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -329,7 +329,7 @@
 			}
 			// If we're really unlucky, then let's go brute-force
 			while (!$unix_name) {
-				$c = substr (md5($email . rand()), 0, 15) ;
+				$c = substr (md5($email . util_randbytes()), 0, 15) ;
 				if (account_namevalid($c)
 				    && db_numrows(db_query_params('SELECT user_id FROM users WHERE user_name = $1',
 								  array ($c))) == 0) {
@@ -343,7 +343,7 @@
 			return false;
 		}
 		// if we got this far, it must be good
-		$confirm_hash = substr(md5($password1 . rand() . microtime()),0,16);
+		$confirm_hash = substr(md5($password1 . util_randbytes() . microtime()),0,16);
 		db_begin();
 		$result = db_query_params ('INSERT INTO users (user_name,user_pw,unix_pw,realname,firstname,lastname,email,add_date,status,confirm_hash,mail_siteupdates,mail_va,language,timezone,jabber_address,jabber_only,unix_box,address,address2,phone,fax,title,ccode,theme_id) VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19,$20,$21,$22,$23,$24)',
 					   array ($unix_name,
@@ -900,7 +900,7 @@
 	function setNewEmailAndHash($email, $hash='') {
 
 		if (!$hash) {
-			$hash = substr(md5(strval(time()) . strval(mt_rand())), 0, 16);
+			$hash = substr(md5(strval(time()) . strval(util_randbytes())), 0, 16);
 		}
 
 		if (!$email || !validate_email($email)) {

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -124,20 +124,6 @@
 }
 
 /**
- * rannum() - Generate a random number
- * 
- * This is a local function used for account_salt()
- *
- * @return int $num A random number
- *
- */
-function rannum(){	     
-	mt_srand((double)microtime()*1000000);		  
-	$num = mt_rand(46,122);		  
-	return $num;		  
-}	     
-
-/**
  * genchr() - Generate a random character
  * 
  * This is a local function used for account_salt()
@@ -147,7 +133,7 @@
  */
 function genchr(){
 	do {	  
-		$num = rannum();		  
+		$num = util_randnum();		  
 	} while ( ( $num > 57 && $num < 65 ) || ( $num > 90 && $num < 97 ) );	  
 	$char = chr($num);	  
 	return $char;	  

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/forms.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/forms.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/forms.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -34,7 +34,7 @@
 	db_begin();
 	// there's about 99.999999999% probability this loop will run only once :) 
 	while(!$is_new) {
-		$key = md5(microtime() + rand() + $_SERVER["REMOTE_ADDR"]);
+		$key = md5(microtime() + util_randbytes() + $_SERVER["REMOTE_ADDR"]);
 		$res = db_query_params ('SELECT * FROM form_keys WHERE key=$1', array ($key));
 		if (!db_numrows($res)) {
 			$is_new=true;	

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/mail/MailingList.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/mail/MailingList.class.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/mail/MailingList.class.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -148,7 +148,7 @@
 			return false;
 		}
 
-		$listPassword = substr(md5($GLOBALS['session_ser'] . time() . rand(0,40000)), 0, 16);
+		$listPassword = substr(md5($GLOBALS['session_ser'] . time() . util_randbytes()), 0, 16);
 		
 		db_begin();
 		$result = db_query_params ('INSERT INTO mail_group_list (group_id,list_name,is_public,password,list_admin,status,description) VALUES ($1,$2,$3,$4,$5,$6,$7)',

Modified: trunk/gforge_base/evolvisforge-5.1/src/cronjobs/forum_gateway.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/cronjobs/forum_gateway.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/cronjobs/forum_gateway.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -88,7 +88,7 @@
 	function copyMailTmp() {
 		// Unfortunatly we need a temp file
 		// mailparse needs to read content several times
-		$tmpfile = tempnam ("/tmp", "forum_gateway.".rand()."-".rand());
+		$tmpfile = tempnam ("/tmp", "forum_gateway.".util_randnum()."-".util_randnum());
 		$in = fopen("php://stdin", "r");
 		$out = fopen($tmpfile, "w");
 	

Modified: trunk/gforge_base/evolvisforge-5.1/src/cronjobs/tracker_gateway.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/cronjobs/tracker_gateway.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/cronjobs/tracker_gateway.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -88,7 +88,7 @@
 	function copyMailTmp() {
 		// Unfortunatly we need a temp file
 		// mailparse needs to read content several times
-		$tmpfile = tempnam ("/tmp", "artifact_gateway.".rand()."-".rand());
+		$tmpfile = tempnam ("/tmp", "artifact_gateway.".util_randnum()."-".util_randnum());
 		$in = fopen("php://stdin", "r");
 		$out = fopen($tmpfile, "w");
 	

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/account/lostpw.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/account/lostpw.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/account/lostpw.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -47,7 +47,7 @@
 
 	// First, we need to create new confirm hash
 
-	$confirm_hash = md5(forge_get_config('session_key') . strval(time()) . strval(rand()));
+	$confirm_hash = md5(forge_get_config('session_key') . strval(time()) . strval(util_randbytes()));
 
 	$u->setNewEmailAndHash($u->getEmail(), $confirm_hash);
 	if ($u->isError()) {

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/pm/ganttpage.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/pm/ganttpage.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/pm/ganttpage.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -177,7 +177,7 @@
 		'&_resolution='.$_resolution.
 		'&_category_id='.$_category_id.
 		'&_size='.$_size.
-		'&rand='.time().'" alt="'. _('Gantt Chart').'" />';
+		'&rand='.util_randnum().'" alt="'. _('Gantt Chart').'" />';
 
 //pm_footer(array());
 ?>

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/project/admin/project_admin_utils.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/project/admin/project_admin_utils.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/project/admin/project_admin_utils.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -218,22 +218,8 @@
 } //end prdb_namespace_seek()
 
 function random_pwgen() {
-
-	srand ( (double) microtime()*10000000); 
-	$rnpw = "";
-
-	for ($i = 0; $i < 10; $i++) {
-
-		$rn = rand(1,2);
-
-		if ($rn == 1) {
-			$rnpw .= rand(1,9);
-		} else {
-			$rnpw .= chr(rand(65,122));
-		}
-
-	}
-	return $rnpw;
+	return (substr(strtr(base64_encode(util_randbytes(9)), '+', '.'),
+		       0, 10));
 }
 
 function permissions_blurb() {

Modified: trunk/gforge_base/evolvisforge-5.1/src/www/soap/nusoap.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/www/soap/nusoap.php	2011-03-01 00:53:13 UTC (rev 16951)
+++ trunk/gforge_base/evolvisforge-5.1/src/www/soap/nusoap.php	2011-03-01 00:53:16 UTC (rev 16952)
@@ -426,7 +426,7 @@
 		// if name has ns, add ns prefix to name
 		$xmlns = '';
         if($name_ns){
-			$prefix = 'nu'.rand(1000,9999);
+			$prefix = 'nu'.util_randnum(1000,9999);
 			$name = $prefix.':'.$name;
 			$xmlns .= " xmlns:$prefix=\"$name_ns\"";
 		}
@@ -436,7 +436,7 @@
 		    // w/o checking against typemap
 			$type_prefix = 'xsd';
 		} elseif($type_ns){
-			$type_prefix = 'ns'.rand(1000,9999);
+			$type_prefix = 'ns'.util_randnum(1000,9999);
 			$xmlns .= " xmlns:$type_prefix=\"$type_ns\"";
 		}
 		// serialize attributes if present
@@ -595,7 +595,7 @@
 							if ($tt_ns != '' && $tt_ns == $this->namespaces['xsd']){
 								 $array_typename = 'xsd:' . $tt;
 							} elseif ($tt_ns) {
-								$tt_prefix = 'ns' . rand(1000, 9999);
+								$tt_prefix = 'ns' . util_randnum(1000, 9999);
 								$array_typename = "$tt_prefix:$tt";
 								$xmlns .= " xmlns:$tt_prefix=\"$tt_ns\"";
 							} else {
@@ -5977,7 +5977,7 @@
 					$tt_prefix = $this->getPrefixFromNamespace('http://xml.apache.org/xml-soap');
 					if (! $tt_prefix) {
 						$this->debug('in serializeType: Add namespace for Apache SOAP type');
-						$tt_prefix = 'ns' . rand(1000, 9999);
+						$tt_prefix = 'ns' . util_randnum(1000, 9999);
 						$this->namespaces[$tt_prefix] = 'http://xml.apache.org/xml-soap';
 						// force this to be added to usedNamespaces
 						$tt_prefix = $this->getPrefixFromNamespace('http://xml.apache.org/xml-soap');
@@ -7352,7 +7352,7 @@
 			$use = $opData['input']['use'];
 			// add ns to ns array
 			if($namespace != '' && !isset($this->wsdl->namespaces[$namespace])){
-				$nsPrefix = 'ns' . rand(1000, 9999);
+				$nsPrefix = 'ns' . util_randnum(1000, 9999);
 				$this->wsdl->namespaces[$nsPrefix] = $namespace;
 			}
             $nsPrefix = $this->wsdl->getPrefixFromNamespace($namespace);
@@ -7391,7 +7391,7 @@
 		} else {
 			// no WSDL
 			//$this->namespaces['ns1'] = $namespace;
-			$nsPrefix = 'ns' . rand(1000, 9999);
+			$nsPrefix = 'ns' . util_randnum(1000, 9999);
 			// serialize 
 			$payload = '';
 			if (is_string($params)) {
@@ -7856,7 +7856,7 @@
 	* @access   public
 	*/
 	function getProxy() {
-		$r = rand();
+		$r = util_randnum();
 		$evalStr = $this->_getProxyClassCode($r);
 		//$this->debug("proxy class: $evalStr");
 		if ($this->getError()) {
@@ -7963,7 +7963,7 @@
 	* @access   public
 	*/
 	function getProxyClassCode() {
-		$r = rand();
+		$r = util_randnum();
 		return $this->_getProxyClassCode($r);
 	}
 



More information about the evolvis-commits mailing list