robbat2 09/08/19 17:41:37 |
|
Modified: functions.php |
Log: |
Stop touching the database for rand_seed, and now NEVER repeat random ids. |
|
Revision Changes Path |
1.27 forums/htdocs/includes/functions.php |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?rev=1.27&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?rev=1.27&content-type=text/plain |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?r1=1.26&r2=1.27 |
|
Index: functions.php |
=================================================================== |
RCS file: /var/cvsroot/gentoo-projects/forums/htdocs/includes/functions.php,v |
retrieving revision 1.26 |
retrieving revision 1.27 |
diff -p -w -b -B -u -u -r1.26 -r1.27 |
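--- a/functions.php
+++ b/functions.php
@@ -7,7 +7,7 @@
 * copyright : (C) 2001 The phpBB Group
 * email : support@×××××.com
 *
- * $Id: functions.php,v 1.26 2009/07/30 06:38:50 desultory Exp $
+ * $Id: functions.php,v 1.27 2009/08/19 17:41:37 robbat2 Exp $
 *
 *
 ***************************************************************************/
@@ -146,30 +146,30 @@ function phpbb_rtrim($str, $charlist = f
 * The board wide setting is updated once per page if this code is called
 * With thanks to Anthrax101 for the inspiration on this one
 * Added in phpBB 2.0.20
+*
+* 2009-08-19 robbat2: PRNG improvements
+* - completely modify it to NOT touch the database and return a much better grade of random
+* - carry out local PRNG state in $dss_seeded.
+* - reseed sometimes
 */
 function dss_rand()
 {
- global $db, $board_config, $dss_seeded;
-
- $val = $board_config['rand_seed'] . microtime();
- $val = md5($val);
- $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a');
-
- if($dss_seeded !== true)
- {
- $sql = "UPDATE " . CONFIG_TABLE . " SET
- config_value = '" . $board_config['rand_seed'] . "'
- WHERE config_name = 'rand_seed'";
+ global $dss_seeded;
 
- if( !$db->sql_query($sql) )
- {
- message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql);
+ $need_reseed = false;
+ // Trigger reseeding approximately every 1K calls
+ if(rand() % 1024 == 1) {
+ $need_reseed = true;
 }
 
- $dss_seeded = true;
+ // When we are not seeded, grab some kernel entropy.
+ if($dss_seeded === false || $need_reseed === true) {
+ $dss_seeded .= file_get_contents('/dev/urandom', FILE_BINARY, NULL, 0, 8);
 }
 
- return substr($val, 4, 16);
+ $dss_seeded = md5(microtime() . posix_getpid() . $_SERVER['REQUEST_TIME'] . $_SERVER['UNIQUE_ID'] . $dss_seeded);
+
+ return substr($dss_seeded, 4, 16);
 }
 //
 // Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced.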
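Review bot: The `/dev/urandom` read in dss_rand() is unchecked, so a failed or short read (file_get_contents() returns false, for example under an open_basedir restriction) is silently appended as an empty string. The state then derives only from microtime(), the pid, REQUEST_TIME and UNIQUE_ID, all of which an observer can estimate. If these ids serve as unguessable tokens, as the commit log's "random ids" suggests, the function should fail closed the way the removed code did: `$entropy = file_get_contents('/dev/urandom', FILE_BINARY, NULL, 0, 8);` then `if($entropy === false || strlen($entropy) < 8) { message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, ''); }` then `$dss_seeded .= $entropy;`. The seeding branch also runs on the first call only if `$dss_seeded` is initialised to `false` somewhere outside this hunk; an unset global is `null`, fails the `=== false` test and would skip the kernel entropy until the 1-in-1024 reseed fires. Eight bytes cap the fresh entropy at 64 bits and the returned 16 hex characters are a slice of the carried state, so reading 16 bytes or more would be a cheap improvement.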