[evolvis-commits] r18347: remove dead insecure code

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 12 20:39:49 CEST 2012


Author: mirabilos
Date: 2012-04-12 20:39:49 +0200 (Thu, 12 Apr 2012)
New Revision: 18347

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php
Log:
remove dead insecure code

Modified: trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php	2012-04-12 18:39:43 UTC (rev 18346)
+++ trunk/gforge_base/evolvisforge-5.1/src/common/include/account.php	2012-04-12 18:39:49 UTC (rev 18347)
@@ -124,7 +124,7 @@
 /**
  * account_genstr() - Generate an encoded random string
  *
- * This is a local function used for account_gensalt()
+ * This is a local function used for account_genunixpw()
  *
  * @param		int	Number of bytes to spew out
  * @returns The random string, bcrypt ASCIIfied, or false if an error occured
@@ -146,55 +146,6 @@
 }
 
 /**
- * genchr() - Generate a random character
- * 
- * This is a local function used for account_salt()
- *
- * @return int $num A random character
- *
- */
-function genchr(){
-	do {	  
-		$num = util_randnum(46, 122);
-	} while ( ( $num > 57 && $num < 65 ) || ( $num > 90 && $num < 97 ) );	  
-	$char = chr($num);	  
-	return $char;	  
-}	   
-
-/**
- * account_gensalt() - A random salt generator
- *
- * @returns The random salt string
- *
- */
-function account_gensalt(){
-
-	// ncommander: modified for cipher selection
-	// crypt() selects the cipher based on
-	// the salt, so ...
-	
-	$a = genchr(); 
-	$b = genchr();
-	switch(forge_get_config('unix_cipher')) {
-		case 'DES':
-			$salt = "$a$b";
-			break;
-		default:
-		case 'MD5':	
-			$salt = "$1$" . "$a$b";
-			break;
-		case 'Blowfish':
-			$salt = '$2a$';
-			for ($i = 0; $i < 16; ++$i) {
-			 	$salt .= rand(64,126);
-			}
-			return "$2a$".$salt;
-			break;
-	}
-	return $salt;	
-}
-
-/**
  * account_genunixpw() - Generate unix password
  *
  * @param		string	The plaintext password string



More information about the evolvis-commits mailing list