Created
November 18, 2015 01:56
<?php | |
// Plaintext password to hash. Replace the sample value before running the script.
// NOTE(review): the plaintext stays in this file after the run; the lines at the bottom
// of the script only print its hash, so restore the sample value once the output is copied.
$pass = 'testpass';
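/**
 * Produces a numeric seed from the best entropy source the platform offers.
 *
 * Sources are tried in this order: random_bytes() (PHP 7+), then the legacy
 * per-platform sources (OpenSSL, mcrypt, /dev/urandom on Unix; OpenSSL, mcrypt,
 * CAPICOM on Windows), and finally a microtime/PID/MD5 generator that is
 * predictable and exists only so the function always returns a value.
 *
 * Whatever the source, the bytes are folded through crc32() before they are
 * returned, so the result never carries more than 32 bits. It is a seed for a
 * non-cryptographic generator and must not be used as a key, token or secret.
 *
 * @param int $count Number of random bytes requested from the entropy source.
 * @return int|float Non-negative seed no larger than 0xFFFFFFFF (hexdec() can
 *                   return a float on 32-bit builds).
 */
function secure_seed_rng($count=8)
{
	$output = '';

	// Preferred source: the engine CSPRNG. mcrypt was removed in PHP 7.2, so without
	// this step a newer install lacking OpenSSL would fall to the weak generator below.
	if($count >= 1 && function_exists('random_bytes'))
	{
		try
		{
			$output = random_bytes($count);
		}
		catch(Exception $e)
		{
			// No system entropy available here; try the legacy sources instead.
			$output = '';
		}
	}

	if(strlen((string) $output) < $count)
	{
		// DIRECTORY_SEPARATOR is a backslash only on Windows
		if(DIRECTORY_SEPARATOR != '\\')
		{
			// Unix/Linux
			// Use OpenSSL when available
			if(function_exists('openssl_random_pseudo_bytes'))
			{
				$output = openssl_random_pseudo_bytes($count);
			}
			// Try mcrypt
			elseif(function_exists('mcrypt_create_iv'))
			{
				$output = mcrypt_create_iv($count, MCRYPT_DEV_URANDOM);
			}
			// Try /dev/urandom
			elseif(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
			{
				$output = @fread($handle, $count);
				@fclose($handle);
			}
		}
		else
		{
			// Windows
			// Use OpenSSL when available
			// PHP <5.3.4 had a bug which makes that function unusable on Windows
			if(function_exists('openssl_random_pseudo_bytes') && version_compare(PHP_VERSION, '5.3.4', '>='))
			{
				$output = openssl_random_pseudo_bytes($count);
			}
			// Try mcrypt
			// NOTE(review): MCRYPT_RAND is not a cryptographically secure source; this
			// branch is kept only for old Windows installs that have nothing better.
			elseif(function_exists('mcrypt_create_iv'))
			{
				$output = mcrypt_create_iv($count, MCRYPT_RAND);
			}
			// Try Windows CAPICOM before using our own generator
			elseif(class_exists('COM'))
			{
				try
				{
					$CAPI_Util = new COM('CAPICOM.Utilities.1');
					if(is_callable(array($CAPI_Util, 'GetRandom')))
					{
						$output = $CAPI_Util->GetRandom($count, 0);
					}
				}
				catch(Exception $e)
				{
					// Best effort: a missing or failing COM object leaves $output
					// short, which sends us to the last-resort generator below.
				}
			}
		}
	}

	// Still not enough bytes (a source may also have returned false)? Use the
	// last-resort generator. It is derived from the clock and the process id only,
	// so anyone who can estimate both can reproduce its output.
	if(strlen((string) $output) < $count)
	{
		$output = '';

		$unique_state = microtime().@getmypid();

		// Each round appends 16 raw bytes (one MD5 digest).
		for($i = 0; $i < $count; $i += 16)
		{
			$unique_state = md5(microtime().$unique_state);
			$output .= pack('H*', md5($unique_state));
		}
	}

	// Collapse the bytes into a number: crc32() yields at most 8 hex digits, and
	// substr() keeps the first $count of them. This caps the seed at 32 bits no
	// matter how many bytes were gathered above.
	$output = hexdec(substr(dechex(crc32(base64_encode($output))), 0, $count));

	return $output;
}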
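/**
 * Returns a random integer, optionally limited to the inclusive range [$min, $max].
 *
 * When both bounds are integers with $min <= $max and random_int() exists
 * (PHP 7+), the value comes from the engine CSPRNG. Otherwise the function uses
 * mt_rand(), seeded once from secure_seed_rng() and XOR-ed with a per-process
 * mask. That legacy path is a Mersenne Twister seeded with at most 32 bits and
 * is not suitable for secrets.
 *
 * @param int|null $min Lower bound (inclusive), or null for an unbounded draw.
 * @param int|null $max Upper bound (inclusive), or null for an unbounded draw.
 * @param bool $force_seed Re-seed mt_rand() and regenerate the mask on this call.
 * @return int Random integer; within [$min, $max] when both bounds are given
 *             and $min <= $max.
 */
function my_rand($min=null, $max=null, $force_seed=false)
{
	static $seeded = false;
	static $obfuscator = 0;

	// Bounded draws: prefer the CSPRNG, which is also free of the scaling bias
	// of the float arithmetic used on the legacy path.
	$csprng_value = null;
	if(is_int($min) && is_int($max) && $min <= $max && function_exists('random_int'))
	{
		try
		{
			$csprng_value = random_int($min, $max);
		}
		catch(Exception $e)
		{
			// No system entropy available; use the Mersenne Twister path below.
			$csprng_value = null;
		}
	}

	// Seed lazily: only when the legacy path is about to be used, or when the
	// caller explicitly asks for a re-seed.
	if($force_seed == true || ($seeded == false && $csprng_value === null))
	{
		mt_srand(secure_seed_rng());
		$seeded = true;

		// Mask the value into 0..mt_getrandmax(). Subtracting mt_getrandmax() once,
		// as this code did before, leaves 0x80000000 for a seed of 0xFFFFFFFF;
		// the XOR below would then exceed mt_getrandmax() and the scaled result
		// would land on $max + 1.
		$obfuscator = abs((int) secure_seed_rng()) & mt_getrandmax();
	}

	if($csprng_value !== null)
	{
		return $csprng_value;
	}

	if($min !== null && $max !== null)
	{
		$distance = $max - $min;
		if($distance > 0)
		{
			// Scale a masked 31-bit draw onto the requested range.
			return $min + (int)((float)($distance + 1) * (float)(mt_rand() ^ $obfuscator) / (mt_getrandmax() + 1));
		}
		else
		{
			return mt_rand($min, $max);
		}
	}
	else
	{
		$val = mt_rand() ^ $obfuscator;
		return $val;
	}
}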
/**
 * Builds a random string by drawing characters one at a time through my_rand().
 *
 * The alphabet holds 61 characters: a-z and A-Z interleaved, then the digits
 * 1-9 (there is no "0" in the set).
 *
 * @param int|string $length Number of characters to generate.
 * @return string The generated string; empty when $length is below 1.
 */
function random_str($length="8")
{
	$alphabet = array(
		"a","A","b","B","c","C","d","D","e","E","f","F","g","G",
		"h","H","i","I","j","J","k","K","l","L","m","M","n","N",
		"o","O","p","P","q","Q","r","R","s","S","t","T","u","U",
		"v","V","w","W","x","X","y","Y","z","Z",
		"1","2","3","4","5","6","7","8","9"
	);

	$picked = array();
	$position = 0;

	while(++$position <= $length)
	{
		// Pick an index across the whole alphabet, bounds inclusive.
		$index = my_rand(0, count($alphabet) - 1);
		$picked[] = $alphabet[$index];
	}

	return implode('', $picked);
}
/**
 * Generates a random salt.
 *
 * The salt is 8 characters long and comes from random_str(), so its quality
 * depends on the generator behind my_rand().
 *
 * @return string The salt.
 */
function generate_salt()
{
	$salt = random_str(8);

	return $salt;
}
/**
 * Salts an already md5()'ed password with the supplied salt.
 *
 * Computes md5(md5($salt) . $password). MD5 is fast to compute, so this
 * construction gives little resistance to offline guessing if the stored value
 * leaks; new designs use password_hash() instead.
 * NOTE(review): the format is presumably fixed by the application that verifies
 * the hash, which is why it is left as is here (confirm against the consumer).
 *
 * @param string $password The md5()'ed password.
 * @param string $salt The salt.
 * @return string The password hash (32 hex characters).
 */
function salt_password($password, $salt)
{
	$salt_digest = md5($salt);
	$salted_input = $salt_digest.$password;

	return md5($salted_input);
}
// Fresh salt for this run, so every run prints a different value for the same password.
$salt = generate_salt();

// The password is md5()'ed first, then combined with the salt by salt_password().
$md5pass = md5($pass);
$salted_pass = salt_password($md5pass, $salt);

// Print the value for the 'Password' field: the 32-character hash immediately
// followed by the 8-character salt, with no separator between them.
echo $salted_pass, $salt;