Skip to content

Instantly share code, notes, and snippets.

/testpass.php

Created November 18, 2015 01:56
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save anonymous/4f8337b94ffc459d9431 to your computer and use it in GitHub Desktop.
Save anonymous/4f8337b94ffc459d9431 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
testpass.php
<?php
// edit password below:
$pass = 'testpass';
function secure_seed_rng($count=8)
{
$output = '';
// DIRECTORY_SEPARATOR checks if running windows
if(DIRECTORY_SEPARATOR != '\\')
{
// Unix/Linux
// Use OpenSSL when available
if(function_exists('openssl_random_pseudo_bytes'))
{
$output = openssl_random_pseudo_bytes($count);
}
// Try mcrypt
elseif(function_exists('mcrypt_create_iv'))
{
$output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
}
// Try /dev/urandom
elseif(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
{
$output = @fread($handle, $count);
@fclose($handle);
}
}
else
{
// Windows
// Use OpenSSL when available
// PHP <5.3.4 had a bug which makes that function unusable on Windows
if(function_exists('openssl_random_pseudo_bytes') && version_compare(PHP_VERSION, '5.3.4', '>='))
{
$output = openssl_random_pseudo_bytes($count);
}
// Try mcrypt
elseif(function_exists('mcrypt_create_iv'))
{
$output = mcrypt_create_iv($count, MCRYPT_RAND);
}
// Try Windows CAPICOM before using our own generator
elseif(class_exists('COM'))
{
try
{
$CAPI_Util = new COM('CAPICOM.Utilities.1');
if(is_callable(array($CAPI_Util, 'GetRandom')))
{
$output = $CAPI_Util->GetRandom($count, 0);
}
} catch (Exception $e) {
}
}
}
// Didn't work? Do we still not have enough bytes? Use our own (less secure) rng generator
if(strlen($output) < $count)
{
$output = '';
// Close to what PHP basically uses internally to seed, but not quite.
$unique_state = microtime().@getmypid();
for($i = 0; $i < $count; $i += 16)
{
$unique_state = md5(microtime().$unique_state);
$output .= pack('H*', md5($unique_state));
}
}
// /dev/urandom and openssl will always be twice as long as $count. base64_encode will roughly take up 33% more space but crc32 will put it to 32 characters
$output = hexdec(substr(dechex(crc32(base64_encode($output))), 0, $count));
return $output;
}
function my_rand($min=null, $max=null, $force_seed=false)
{
static $seeded = false;
static $obfuscator = 0;
if($seeded == false || $force_seed == true)
{
mt_srand(secure_seed_rng());
$seeded = true;
$obfuscator = abs((int) secure_seed_rng());
// Ensure that $obfuscator is <= mt_getrandmax() for 64 bit systems.
if($obfuscator > mt_getrandmax())
{
$obfuscator -= mt_getrandmax();
}
}
if($min !== null && $max !== null)
{
$distance = $max - $min;
if ($distance > 0)
{
return $min + (int)((float)($distance + 1) * (float)(mt_rand() ^ $obfuscator) / (mt_getrandmax() + 1));
}
else
{
return mt_rand($min, $max);
}
}
else
{
$val = mt_rand() ^ $obfuscator;
return $val;
}
}
function random_str($length="8")
{
$set = array("a","A","b","B","c","C","d","D","e","E","f","F","g","G","h","H","i","I","j","J","k","K","l","L","m","M","n","N","o","O","p","P","q","Q","r","R","s","S","t","T","u","U","v","V","w","W","x","X","y","Y","z","Z","1","2","3","4","5","6","7","8","9");
$str = '';
for($i = 1; $i <= $length; ++$i)
{
$ch = my_rand(0, count($set)-1);
$str .= $set[$ch];
}
return $str;
}
/**
* Generates a random salt
*
* @return string The salt.
*/
function generate_salt()
{
return random_str(8);
}
/**
* Salts a password based on a supplied salt.
*
* @param string The md5()'ed password.
* @param string The salt.
* @return string The password hash.
*/
function salt_password($password, $salt)
{
return md5(md5($salt).$password);
}
$md5pass = md5($pass);
$salt = generate_salt();
$salted_pass = salt_password($md5pass, $salt);
// echo out 'Password' field
echo $salted_pass.$salt;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment