Replace salt function with a more modern, cryptographically secure pseudo-random method

Set minimum PHP version to 7.0.0 for random_bytes
Bert Van de Poel 2021-04-24 03:33:50 +02:00 committed by Deon George
parent fe3798f8ec
commit 24ce5d5833
3 changed files with 5 additions and 11 deletions


@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
phpLDAPadmin requires the following:
a. A web server (Apache, IIS, etc).
b. PHP 5.5.0 or newer (with LDAP support)
b. PHP 7.0.0 or newer (with LDAP support)
* To install


@ -8,7 +8,7 @@
*/
/** The minimum version of PHP required to run phpLDAPadmin. */
define('REQUIRED_PHP_VERSION','5.5.0');
define('REQUIRED_PHP_VERSION','7.0.0');
/**
* The config class contains all our configuration settings for a session.


@ -1828,15 +1828,9 @@ function random_salt($length) {
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
$possible = '0123456789'.
'abcdefghijklmnopqrstuvwxyz'.
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
'./';
$str = '';
mt_srand((double)microtime() * 1000000);
while (strlen($str) < $length)
$str .= substr($possible,(rand()%strlen($possible)),1);
$str = bin2hex(random_bytes(ceil($length/2)));
if ($length % 2 == 1)
return substr($str, 0, -1);
return $str;
}
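Review bot: The new `bin2hex(random_bytes(ceil($length/2)))` line draws every salt character from the 16 hex digits, where the removed code used the 64-character `0-9a-zA-Z./` alphabet, so a salt of the same `$length` now carries 4 bits per character instead of 6. For schemes with a fixed salt length this shrinks the salt space noticeably; the callers are not visible here, so which hash types are affected needs checking. Keeping `$possible` and indexing it with `random_int()` gives the same CSPRNG source without narrowing the alphabet. It also returns an empty string for a zero `$length` as the old loop did, whereas `random_bytes()` is expected to throw on a zero length. The opening of `random_salt()` lies outside the hunk.

```php
// … unchanged: debug_log entry trace …
$possible = '0123456789'.
	'abcdefghijklmnopqrstuvwxyz'.
	'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
	'./';
$str = '';
$last = strlen($possible) - 1;

for ($i = 0; $i < $length; $i++)
	$str .= $possible[random_int(0, $last)];

return $str;
```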