authorFrédéric Guillot <fguillot@users.noreply.github.com>2014-03-14 21:08:15 -0400
committerFrédéric Guillot <fguillot@users.noreply.github.com>2014-03-14 21:08:15 -0400
commitede188815b65abcd16b4f1b125b63d269b9779ce (patch)
treee2aad77807f7018477629bd605c308d1807d1824
parent04dca7d28d4e37022f9381764eff9e358bebf568 (diff)
Improve token generation by using openssl or /dev/urandom or uniqid() as fallback
-rw-r--r--models/base.php43
1 files changed, 37 insertions, 6 deletions
diff --git a/models/base.php b/models/base.php
index 6a1dea97..9b5dc67f 100644
--- a/models/base.php
+++ b/models/base.php
@@ -14,27 +14,58 @@ require __DIR__.'/../vendor/SimpleValidator/Validators/AlphaNumeric.php';
require __DIR__.'/../vendor/SimpleValidator/Validators/GreaterThan.php';
require __DIR__.'/../vendor/SimpleValidator/Validators/Date.php';
+/**
+ * Base model class
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
abstract class Base
{
+ /**
+ * Database instance
+ *
+ * @access protected
+ * @var PicoDb
+ */
protected $db;
+
+ /**
+ * Event dispatcher instance
+ *
+ * @access protected
+ * @var Core\Event
+ */
protected $event;
+ /**
+ * Constructor
+ *
+ * @access public
+ * @param PicoDb\Database $db Database instance
+ * @param Core\Event $event Event dispatcher instance
+ */
public function __construct(\PicoDb\Database $db, \Core\Event $event)
{
$this->db = $db;
$this->event = $event;
}
- // Generate a random token from /dev/urandom or with uniqid()
+ /**
+ * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid()
+ *
+ * @access public
+ * @return string Random token
+ */
public static function generateToken()
{
- if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
- $token = file_get_contents('/dev/urandom', false, null, 0, 30);
+ if (function_exists('openssl_random_pseudo_bytes')) {
+ return bin2hex(\openssl_random_pseudo_bytes(16));
}
- else {
- $token = uniqid(mt_rand(), true);
+ else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
+ return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
}
- return hash('crc32b', $token);
+ return hash('sha256', uniqid(mt_rand(), true));
}
}
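Review bot: Neither random source in generateToken() has its result checked. Where `openssl_random_pseudo_bytes()` reports failure by returning false, `bin2hex()` yields an empty token, and a failed `file_get_contents('/dev/urandom', …)` makes `hash('sha256', false)` return the same constant digest on every call. The last branch still derives the token from `uniqid(mt_rand(), true)`, which is built from the clock and a Mersenne Twister value; SHA-256 lengthens the output but adds no entropy, so if these tokens act as secrets (their use is not visible in this hunk) they stay guessable on hosts that reach the fallback. I would pass the `$crypto_strong` out-parameter to the openssl call, verify the number of bytes read from /dev/urandom, and fail closed instead of falling back, as sketched below.

```php
public static function generateToken()
{
    if (function_exists('openssl_random_pseudo_bytes')) {
        $bytes = \openssl_random_pseudo_bytes(16, $strong);
        // Accept the bytes only if the call succeeded and OpenSSL reports a strong source
        if ($bytes !== false && $strong === true) {
            return bin2hex($bytes);
        }
    }

    if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
        $bytes = file_get_contents('/dev/urandom', false, null, 0, 30);
        // A short or failed read must not be hashed into a token
        if ($bytes !== false && strlen($bytes) === 30) {
            return hash('sha256', $bytes);
        }
    }

    // No secure source available: refuse rather than emit a predictable token
    throw new \RuntimeException('No secure random source available for token generation');
}
```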