summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Schneider2020-05-06 14:10:40 +0200
committerChristian Schneider2020-05-06 14:10:40 +0200
commitc230360afbb9406ab239dbacd1181c149f9aa628 (patch)
treec2f10abe40b5c5dd830cbadfe8fba7404ec37820
parent102778b78bd38b857b2bab7d23d949d7423d55f3 (diff)
downloaditools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.gz
itools-c230360afbb9406ab239dbacd1181c149f9aa628.tar.bz2
itools-c230360afbb9406ab239dbacd1181c149f9aa628.zip
Use random_bytes() instead of uniqid() now that we require PHP 7.0 for itools
-rw-r--r--it_dbi.class2
-rw-r--r--it_mail.class8
-rw-r--r--it_session.class4
-rw-r--r--it_user.class2
4 files changed, 8 insertions, 8 deletions
diff --git a/it_dbi.class b/it_dbi.class
index 39f50a7..5b35fc1 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -766,7 +766,7 @@ function insert($tags = array(), $command = "INSERT")
$this->_write_pre_process($tags, $command);
if ($this->_p['randomid'] && !isset($tags[$this->_p['keyfield']]))
- $tags[$this->_p['keyfield']] = md5(uniqid(mt_rand()));
+ $tags[$this->_p['keyfield']] = bin2hex(random_bytes(16));
$set = $this->_set($tags, "insert");
diff --git a/it_mail.class b/it_mail.class
index 3e56a08..161d3d1 100644
--- a/it_mail.class
+++ b/it_mail.class
@@ -149,7 +149,7 @@ function add_attachment($data, $p = array(), $legacy_name = null)
$p = array('mimetype' => $p) + ($legacy_name ? array('name' => $legacy_name) : array());
$this->attachments[] = $p + array(
- 'cid' => $cid = md5(uniqid(rand())),
+ 'cid' => $cid = bin2hex(random_bytes(16)),
'data' => $data,
'disposition' => "inline",
'mimetype' => "application/octet-stream",
@@ -208,7 +208,7 @@ function send($p = array())
if ($this->attachments)
{
/* Attachments need multipart MIME mail */
- $boundary1 = md5(uniqid(rand()));
+ $boundary1 = bin2hex(random_bytes(16));
$mixedtype = "Content-Type: multipart/mixed; boundary=\"$boundary1\"";
$headers[] = $mixedtype;
@@ -224,7 +224,7 @@ function send($p = array())
{
if ($this->body[IT_MAIL_HTML])
{
- $boundary2 = md5(uniqid(rand()));
+ $boundary2 = bin2hex(random_bytes(16));
$alternativetype = "Content-Type: multipart/alternative; boundary=\"$boundary2\"";
/* Plain and HTML */
@@ -257,7 +257,7 @@ function send($p = array())
{
if (strstr($this->body[IT_MAIL_HTML], "cid:"))
{
- $boundary3 = md5(uniqid(rand()));
+ $boundary3 = bin2hex(random_bytes(16));
$text .= "Content-Type: multipart/related; boundary=\"$boundary3\"\n\n--$boundary3\n";
}
diff --git a/it_session.class b/it_session.class
index af26082..e8c856c 100644
--- a/it_session.class
+++ b/it_session.class
@@ -161,7 +161,7 @@ function set_valid($valid = true, $login_identifier_required = false, $login_ide
}
else
{
- $this->cookie = md5(uniqid(rand())); /* random garbage */
+ $this->cookie = bin2hex(random_bytes(16)); /* random garbage */
$result = !$valid; /* Setting to invalid succeeded or setting to valid failed */
}
@@ -189,7 +189,7 @@ function create_login_identifier()
{
if (!$this->cookie)
{
- $this->cookie = md5(uniqid(rand())); /* random garbage */
+ $this->cookie = bin2hex(random_bytes(16)); /* random garbage */
it::setcookie($this->cookiename, $this->cookie, [ 'expires' => _IT_SESSION_COOKIE_EXPIRY, 'path' => "/", 'domain' => $this->domain, 'secure' => $this->ssl, 'httponly' => true, 'samesite' => _IT_USER_COOKIE_SAMESITE ]);
}
diff --git a/it_user.class b/it_user.class
index 18c4bbd..7c6a56d 100644
--- a/it_user.class
+++ b/it_user.class
@@ -312,7 +312,7 @@ function create($tags)
*/
function create_uid()
{
- return md5(uniqid(rand())); /* random garbage */
+ return bin2hex(random_bytes(16)); /* random garbage */
}