Replace salt function with a more modern, cryptographically secure pseudo-random method
Set minimum PHP version to 7.0.0 for random_bytes
parent
fe3798f8ec
commit
24ce5d5833
@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
|
||||
|
||||
phpLDAPadmin requires the following:
|
||||
a. A web server (Apache, IIS, etc).
|
||||
b. PHP 5.5.0 or newer (with LDAP support)
|
||||
b. PHP 7.0.0 or newer (with LDAP support)
|
||||
|
||||
* To install
|
||||
|
||||
|
@ -8,7 +8,7 @@
|
||||
*/
|
||||
|
||||
/** The minimum version of PHP required to run phpLDAPadmin. */
|
||||
define('REQUIRED_PHP_VERSION','5.5.0');
|
||||
define('REQUIRED_PHP_VERSION','7.0.0');
|
||||
|
||||
/**
|
||||
* The config class contains all our configuration settings for a session.
|
||||
|
@ -1828,15 +1828,9 @@ function random_salt($length) {
|
||||
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
$possible = '0123456789'.
|
||||
'abcdefghijklmnopqrstuvwxyz'.
|
||||
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.
|
||||
'./';
|
||||
$str = '';
|
||||
mt_srand((double)microtime() * 1000000);
|
||||
|
||||
while (strlen($str) < $length)
|
||||
$str .= substr($possible,(rand()%strlen($possible)),1);
|
||||
$str = bin2hex(random_bytes(ceil($length/2)));
|
||||
if ($length % 2 == 1)
|
||||
return substr($str, 0, -1);
|
||||
|
||||
return $str;
|
||||
}
|
||||
|
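Review bot: Hex-encoding the output of `random_bytes()` narrows each salt character from the 64-symbol `./0-9A-Za-z` set used by the removed loop to 16 symbols, so a salt of a given length carries 4 bits per character instead of 6. If callers pass this value to crypt()-style schemes with a fixed salt length (not visible in this hunk), the salt space shrinks noticeably even though the source is now a CSPRNG. Keeping `$possible` and `$str = '';` and drawing each index from the CSPRNG preserves the alphabet: `for ($i = 0; $i < $length; $i++) $str .= $possible[random_int(0, strlen($possible) - 1)];`. That form also still returns an empty string when `$length` is 0, as the old loop did, whereas `random_bytes(0)` raises an error, and it avoids passing the float from `ceil()` to an int parameter. The signature and doc comment of random_salt sit above the hunk, so any documented contract on the salt alphabet could not be checked here.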