| 1 |
robbat2 09/08/19 17:41:37 |
| 2 |
|
| 3 |
Modified: functions.php |
| 4 |
Log: |
| 5 |
Stop touching the database for rand_seed, and now NEVER repeat random ids. |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.27 forums/htdocs/includes/functions.php |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?rev=1.27&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?rev=1.27&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewcvs.py/gentoo-projects/forums/htdocs/includes/functions.php?r1=1.26&r2=1.27 |
| 13 |
|
| 14 |
Index: functions.php |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo-projects/forums/htdocs/includes/functions.php,v |
| 17 |
retrieving revision 1.26 |
| 18 |
retrieving revision 1.27 |
| 19 |
diff -p -w -b -B -u -u -r1.26 -r1.27 |
| 20 |
--- functions.php 30 Jul 2009 06:38:50 -0000 1.26 |
| 21 |
+++ functions.php 19 Aug 2009 17:41:37 -0000 1.27 |
| 22 |
@@ -7,7 +7,7 @@ |
| 23 |
* copyright : (C) 2001 The phpBB Group |
| 24 |
* email : support@×××××.com |
| 25 |
* |
| 26 |
- * $Id: functions.php,v 1.26 2009/07/30 06:38:50 desultory Exp $ |
| 27 |
+ * $Id: functions.php,v 1.27 2009/08/19 17:41:37 robbat2 Exp $ |
| 28 |
* |
| 29 |
* |
| 30 |
***************************************************************************/ |
| 31 |
@@ -146,30 +146,30 @@ function phpbb_rtrim($str, $charlist = f |
| 32 |
* The board wide setting is updated once per page if this code is called |
| 33 |
* With thanks to Anthrax101 for the inspiration on this one |
| 34 |
* Added in phpBB 2.0.20 |
| 35 |
+* |
| 36 |
+* 2009-08-19 robbat2: PRNG improvements |
| 37 |
+* - completely modify it to NOT touch the database and return a much better grade of random |
| 38 |
+* - carry out local PRNG state in $dss_seeded. |
| 39 |
+* - reseed sometimes |
| 40 |
*/ |
| 41 |
function dss_rand() |
| 42 |
{ |
| 43 |
- global $db, $board_config, $dss_seeded; |
| 44 |
- |
| 45 |
- $val = $board_config['rand_seed'] . microtime(); |
| 46 |
- $val = md5($val); |
| 47 |
- $board_config['rand_seed'] = md5($board_config['rand_seed'] . $val . 'a'); |
| 48 |
- |
| 49 |
- if($dss_seeded !== true) |
| 50 |
- { |
| 51 |
- $sql = "UPDATE " . CONFIG_TABLE . " SET |
| 52 |
- config_value = '" . $board_config['rand_seed'] . "' |
| 53 |
- WHERE config_name = 'rand_seed'"; |
| 54 |
+ global $dss_seeded; |
| 55 |
|
| 56 |
- if( !$db->sql_query($sql) ) |
| 57 |
- { |
| 58 |
- message_die(GENERAL_ERROR, "Unable to reseed PRNG", "", __LINE__, __FILE__, $sql); |
| 59 |
+ $need_reseed = false; |
| 60 |
+ // Trigger reseeding approximately every 1K calls |
| 61 |
+ if(rand() % 1024 == 1) { |
| 62 |
+ $need_reseed = true; |
| 63 |
} |
| 64 |
|
| 65 |
- $dss_seeded = true; |
| 66 |
+ // When we are not seeded, grab some kernel entropy. |
| 67 |
+ if($dss_seeded === false || $need_reseed === true) { |
| 68 |
+ $dss_seeded .= file_get_contents('/dev/urandom', FILE_BINARY, NULL, 0, 8); |
| 69 |
} |
| 70 |
|
| 71 |
- return substr($val, 4, 16); |
| 72 |
+ $dss_seeded = md5(microtime() . posix_getpid() . $_SERVER['REQUEST_TIME'] . $_SERVER['UNIQUE_ID'] . $dss_seeded); |
| 73 |
+ |
| 74 |
+ return substr($dss_seeded, 4, 16); |
| 75 |
} |
| 76 |
// |
| 77 |
// Get Userdata, $user can be username or user_id. If force_str is true, the username will be forced. |
Archives