3 use \Elgg\Database\SiteSecret;
36 $this->site_secret = $site_secret;
79 if (function_exists(
'openssl_random_pseudo_bytes') && substr(PHP_OS, 0, 3) !==
'WIN') {
80 $SSLstr = openssl_random_pseudo_bytes($length, $strong);
91 if (function_exists(
'mcrypt_create_iv') && substr(PHP_OS, 0, 3) !==
'WIN') {
92 $str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
107 $msec_per_round = 400;
111 $handle = @fopen(
'/dev/urandom',
'rb');
112 if ($handle && function_exists(
'stream_set_read_buffer')) {
113 @stream_set_read_buffer($handle, 0);
117 $bytes = ($total > $hash_len) ? $hash_len : $total;
121 $entropy = rand() . uniqid(mt_rand(),
true) . $SSLstr;
122 $entropy .= implode(
'', @fstat(@fopen(__FILE__,
'r')));
123 $entropy .= memory_get_usage() . getmypid();
124 $entropy .= serialize($_ENV) . serialize($_SERVER);
125 if (function_exists(
'posix_times')) {
126 $entropy .= serialize(posix_times());
128 if (function_exists(
'zend_thread_id')) {
129 $entropy .= zend_thread_id();
133 $entropy .= @fread($handle, $bytes);
136 for ($i = 0; $i < 3; $i++) {
137 $c1 = microtime(
true);
138 $var = sha1(mt_rand());
139 for ($j = 0; $j < 50; $j++) {
142 $c2 = microtime(
true);
143 $entropy .= $c1 . $c2;
148 $rounds = (int) ($msec_per_round * 50 / (
int) (($c2 - $c1) * 1000000));
152 $iter = $bytes * (int) (ceil(8 / $bits_per_round));
154 for ($i = 0; $i < $iter; $i++) {
156 $var = sha1(mt_rand());
157 for ($j = 0; $j < $rounds; $j++) {
161 $entropy .= $c1 . $c2;
166 $str .= sha1($entropy,
true);
168 }
while ($length >
strlen($str));
174 return substr($str, 0, $length);
188 $key = $this->site_secret->get(
true);
214 throw new \InvalidArgumentException(
'Length should be >= 1');
218 $numBytes = ceil($length * 0.75);
220 $string = substr(rtrim(base64_encode($bytes),
'='), 0, $length);
223 return strtr(
$string,
'+/',
'-_');
226 if ($chars == self::CHARS_HEX) {
229 return substr(bin2hex($bytes), 0, $length);
232 $listLen =
strlen($chars);
235 return str_repeat($chars, $length);
241 for ($i = 0; $i < $length; $i++) {
242 $pos = ($pos + ord($bytes[$i])) % $listLen;
263 $len1 = $this->
strlen($str1);
264 $len2 = $this->
strlen($str2);
265 if ($len1 !== $len2) {
270 for ($i = 0; $i < $len1; $i++) {
271 $status |= (ord($str1[$i]) ^ ord($str2[$i]));
274 return $status === 0;
/**
 * Count the number of bytes in a string.
 *
 * Callers in this class compare the result as a length and then index the
 * strings byte by byte (`ord($str1[$i])`), so the value must be a byte count,
 * not a character count.
 *
 * @param string $binary_string Arbitrary binary data.
 *
 * @return int Length of $binary_string in bytes.
 */
protected function strlen($binary_string) {
	// Prefer mb_strlen() with the '8bit' encoding when mbstring is loaded.
	// NOTE(review): presumably this keeps the count byte-accurate where
	// mbstring.func_overload replaces the plain strlen() - confirm against
	// the PHP versions this code supports.
	return function_exists('mb_strlen')
		? mb_strlen($binary_string, '8bit')
		: strlen($binary_string);
}
areEqual($str1, $str2)
Are two strings equal (compared in constant time)?
const CHARS_PASSWORD
Character set for temp passwords (no risk of embedded profanity/glyphs that look similar) ...
getRandomBytes($length)
Generate a string of highly randomized bytes (over the full 8-bit range).
Component for creating HMAC tokens.
__construct(SiteSecret $site_secret=null)
Constructor.
const CHARS_HEX
Character set for hexadecimal.
getRandomString($length, $chars=null)
Generate a random string of specified length.
strlen($binary_string)
Count the number of bytes in a string.
getHmac($data, $algo= 'sha256', $key= '')
Get an HMAC token builder/validator object.