diff options
author | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-03-14 21:08:15 -0400 |
---|---|---|
committer | Frédéric Guillot <fguillot@users.noreply.github.com> | 2014-03-14 21:08:15 -0400 |
commit | ede188815b65abcd16b4f1b125b63d269b9779ce (patch) | |
tree | e2aad77807f7018477629bd605c308d1807d1824 /models | |
parent | 04dca7d28d4e37022f9381764eff9e358bebf568 (diff) |
Improve token generation by using openssl or /dev/urandom or uniqid() as fallback
Diffstat (limited to 'models')
-rw-r--r-- | models/base.php | 43 |
1 files changed, 37 insertions, 6 deletions
diff --git a/models/base.php b/models/base.php index 6a1dea97..9b5dc67f 100644 --- a/models/base.php +++ b/models/base.php @@ -14,27 +14,58 @@ require __DIR__.'/../vendor/SimpleValidator/Validators/AlphaNumeric.php'; require __DIR__.'/../vendor/SimpleValidator/Validators/GreaterThan.php'; require __DIR__.'/../vendor/SimpleValidator/Validators/Date.php'; +/** + * Base model class + * + * @package model + * @author Frederic Guillot + */ abstract class Base { + /** + * Database instance + * + * @access protected + * @var PicoDb + */ protected $db; + + /** + * Event dispatcher instance + * + * @access protected + * @var Core\Event + */ protected $event; + /** + * Constructor + * + * @access public + * @param PicoDb\Database $db Database instance + * @param Core\Event $event Event dispatcher instance + */ public function __construct(\PicoDb\Database $db, \Core\Event $event) { $this->db = $db; $this->event = $event; } - // Generate a random token from /dev/urandom or with uniqid() + /** + * Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid() + * + * @access public + * @return string Random token + */ public static function generateToken() { - if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { - $token = file_get_contents('/dev/urandom', false, null, 0, 30); + if (function_exists('openssl_random_pseudo_bytes')) { + return bin2hex(\openssl_random_pseudo_bytes(16)); } - else { - $token = uniqid(mt_rand(), true); + else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') { + return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30)); } - return hash('crc32b', $token); + return hash('sha256', uniqid(mt_rand(), true)); } } |