From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 29 Sep 2012 14:44:02 +0000 (+0200)
Subject: Fallback for systems without openssl
X-Git-Tag: v4.5.0RC2~33
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=ef57e9294b52b838f65c9896c6d85c2f8663c90b;p=nextcloud-server.git

Fallback for systems without openssl
---

diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index 7c6d51d99b8..4cd8b9079fd 100644
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -13,7 +13,7 @@ require_once '../../lib/base.php';
 // Someone lost their password:
 if (isset($_POST['user'])) {
 	if (OC_User::userExists($_POST['user'])) {
-		$token = hash("sha256", $_POST['user'].openssl_random_pseudo_bytes(10, $cstrong));
+		$token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(10));
 		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
 		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 		if (!empty($email)) {
diff --git a/lib/setup.php b/lib/setup.php
index 6d8430c1036..16b9ec68df6 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -79,8 +79,7 @@ class OC_Setup {
 			}
 
 			//generate a random salt that is used to salt the local user passwords
-			$random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
-			$salt = bin2hex($random_bytes);
+			$salt = OC_Util::generate_random_bytes(30);
 			OC_Config::setValue('passwordsalt', $salt);
 
 			//write the config file
diff --git a/lib/util.php b/lib/util.php
index 29ab2c34e96..310ca6afec9 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -437,9 +437,7 @@ class OC_Util {
 	 */
 	public static function callRegister() {
 		// generate a random token.
-		$bytes = openssl_random_pseudo_bytes(10, $cstrong);
-		$hex = bin2hex($bytes);
-		$token = $hex;
+		$token = self::generate_random_bytes(20);
 
 		// store the token together with a timestamp in the session.
 		$_SESSION['requesttoken-'.$token]=time();
@@ -550,4 +548,30 @@ class OC_Util {
 		}
 	}
 
-}
+	/*
+	* @brief Generates random bytes with "openssl_random_pseudo_bytes" with a fallback for systems without openssl
+	* Inspired by gorgo on php.net
+	* @param Int with the length of the random
+	* @return String with the random bytes
+	*/
+	public static function generate_random_bytes($length = 30) {
+		if(function_exists('openssl_random_pseudo_bytes')) { 
+			$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
+			if($strong == TRUE) {
+				return substr($pseudo_byte, 0, $length); // Truncate it to match the length
+			}
+		}
+
+		// fallback to mt_rand() 
+		$characters = '0123456789';
+		$characters .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; 
+		$charactersLength = strlen($characters)-1;
+		$pseudo_byte = "";
+
+		// Select some random characters
+		for ($i = 0; $i < $length; $i++) {
+			$pseudo_byte .= $characters[mt_rand(0, $charactersLength)];
+		}        
+		return $pseudo_byte;
+	}
+}
\ No newline at end of file