Replace salt function with a more modern, cryptographically secure pseudo-random method

Set minimum PHP version to 7.0.0 for random_bytes
Bert Van de Poel 2021-04-24 03:33:50 +02:00 committed by Deon George
parent fe3798f8ec
commit 24ce5d5833
3 changed files with 5 additions and 11 deletions


@ -5,7 +5,7 @@ For install instructions in non-English languages, see the wiki:
phpLDAPadmin requires the following: phpLDAPadmin requires the following:
a. A web server (Apache, IIS, etc). a. A web server (Apache, IIS, etc).
b. PHP 5.5.0 or newer (with LDAP support) b. PHP 7.0.0 or newer (with LDAP support)
* To install * To install


@ -8,7 +8,7 @@
*/ */
/** The minimum version of PHP required to run phpLDAPadmin. */ /** The minimum version of PHP required to run phpLDAPadmin. */
define('REQUIRED_PHP_VERSION','5.5.0'); define('REQUIRED_PHP_VERSION','7.0.0');
/** /**
* The config class contains all our configuration settings for a session. * The config class contains all our configuration settings for a session.


@ -1828,15 +1828,9 @@ function random_salt($length) {
if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) if (DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
$possible = '0123456789'. $str = bin2hex(random_bytes(ceil($length/2)));
'abcdefghijklmnopqrstuvwxyz'. if ($length % 2 == 1)
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'. return substr($str, 0, -1);
'./';
$str = '';
mt_srand((double)microtime() * 1000000);
while (strlen($str) < $length)
$str .= substr($possible,(rand()%strlen($possible)),1);
return $str; return $str;
} }
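Review bot: The new `bin2hex(random_bytes(ceil($length/2)))` line draws every salt character from the 16 hex digits, whereas the removed `$possible` string offered 64 (`0-9a-zA-Z./`), so each character now carries 4 bits instead of 6 and short salts get a much smaller value space even though the generator itself is now a CSPRNG. Keeping `$possible` and swapping only the generator preserves the alphabet: `$str = ''; while (strlen($str) < $length) $str .= $possible[random_int(0, strlen($possible) - 1)];` (`random_int()` is available from the same PHP 7.0.0 minimum this commit sets). That form also still returns an empty string for a `$length` of 0, where `random_bytes(0)` throws; whether any caller passes 0 is not visible here. The function's signature and docblock sit outside the hunk.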