diff options
author | Christian Schneider | 2020-05-06 14:10:40 +0200 |
---|---|---|
committer | Christian Schneider | 2020-05-06 14:10:40 +0200 |
commit | c230360afbb9406ab239dbacd1181c149f9aa628 (patch) | |
tree | c2f10abe40b5c5dd830cbadfe8fba7404ec37820 | |
parent | 102778b78bd38b857b2bab7d23d949d7423d55f3 (diff) | |
download | itools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.gz itools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.bz2 itools-c230360afbb9406ab239dbacd1181c149f9aa628.zip |
Use random_bytes() instead of uniqid() now that we require PHP 7.0 for itools
-rw-r--r-- | it_dbi.class | 2 | ||||
-rw-r--r-- | it_mail.class | 8 | ||||
-rw-r--r-- | it_session.class | 4 | ||||
-rw-r--r-- | it_user.class | 2 |
4 files changed, 8 insertions, 8 deletions
diff --git a/it_dbi.class b/it_dbi.class index 39f50a7..5b35fc1 100644 --- a/it_dbi.class +++ b/it_dbi.class @@ -766,7 +766,7 @@ function insert($tags = array(), $command = "INSERT") $this->_write_pre_process($tags, $command); if ($this->_p['randomid'] && !isset($tags[$this->_p['keyfield']])) - $tags[$this->_p['keyfield']] = md5(uniqid(mt_rand())); + $tags[$this->_p['keyfield']] = bin2hex(random_bytes(16)); $set = $this->_set($tags, "insert"); diff --git a/it_mail.class b/it_mail.class index 3e56a08..161d3d1 100644 --- a/it_mail.class +++ b/it_mail.class @@ -149,7 +149,7 @@ function add_attachment($data, $p = array(), $legacy_name = null) $p = array('mimetype' => $p) + ($legacy_name ? array('name' => $legacy_name) : array()); $this->attachments[] = $p + array( - 'cid' => $cid = md5(uniqid(rand())), + 'cid' => $cid = bin2hex(random_bytes(16)), 'data' => $data, 'disposition' => "inline", 'mimetype' => "application/octet-stream", @@ -208,7 +208,7 @@ function send($p = array()) if ($this->attachments) { /* Attachments need multipart MIME mail */ - $boundary1 = md5(uniqid(rand())); + $boundary1 = bin2hex(random_bytes(16)); $mixedtype = "Content-Type: multipart/mixed; boundary=\"$boundary1\""; $headers[] = $mixedtype; @@ -224,7 +224,7 @@ function send($p = array()) { if ($this->body[IT_MAIL_HTML]) { - $boundary2 = md5(uniqid(rand())); + $boundary2 = bin2hex(random_bytes(16)); $alternativetype = "Content-Type: multipart/alternative; boundary=\"$boundary2\""; /* Plain and HTML */ @@ -257,7 +257,7 @@ function send($p = array()) { if (strstr($this->body[IT_MAIL_HTML], "cid:")) { - $boundary3 = md5(uniqid(rand())); + $boundary3 = bin2hex(random_bytes(16)); $text .= "Content-Type: multipart/related; boundary=\"$boundary3\"\n\n--$boundary3\n"; } diff --git a/it_session.class b/it_session.class index af26082..e8c856c 100644 --- a/it_session.class +++ b/it_session.class @@ -161,7 +161,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide } else { - $this->cookie = md5(uniqid(rand())); /* random garbage */ + $this->cookie = bin2hex(random_bytes(16)); /* random garbage */ $result = !$valid; /* Setting to invalid succeeded or setting to valid failed */ } @@ -189,7 +189,7 @@ function create_login_identifier() { if (!$this->cookie) { - $this->cookie = md5(uniqid(rand())); /* random garbage */ + $this->cookie = bin2hex(random_bytes(16)); /* random garbage */ it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]); } diff --git a/it_user.class b/it_user.class index 18c4bbd..7c6a56d 100644 --- a/it_user.class +++ b/it_user.class @@ -312,7 +312,7 @@ function create($tags) */ function create_uid() { - return md5(uniqid(rand())); /* random garbage */ + return bin2hex(random_bytes(16)); /* random garbage */ } |