| Zeile 5578 | Zeile 5578 |
|---|
function secure_seed_rng($count=8)
{
$output = '';
|
function secure_seed_rng($count=8)
{
$output = '';
|
// Try the OpenSSL method first. This is the strongest.
if(function_exists('openssl_random_pseudo_bytes'))
{
$output = openssl_random_pseudo_bytes($count, $strong);
if($strong !== true)
{
$output = '';
}
}
if($output == '')
|
// Try the unix/linux method
if(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
|
{
|
{
|
// Then try the unix/linux method
if(@is_readable('/dev/urandom') && ($handle = @fopen('/dev/urandom', 'rb')))
{
$output = @fread($handle, $count);
@fclose($handle);
}
| $output = @fread($handle, $count);
@fclose($handle);
|
}
// Didn't work? Do we still not have enough bytes? Use our own (less secure) rng generator
| }
// Didn't work? Do we still not have enough bytes? Use our own (less secure) rng generator
|
| Zeile 5607 | Zeile 5593 |
|---|
// Close to what PHP basically uses internally to seed, but not quite.
$unique_state = microtime().@getmypid();
|
// Close to what PHP basically uses internally to seed, but not quite.
$unique_state = microtime().@getmypid();
|
|
|
for($i = 0; $i < $count; $i += 16)
{
$unique_state = md5(microtime().$unique_state);
$output .= pack('H*', md5($unique_state));
|
for($i = 0; $i < $count; $i += 16)
{
$unique_state = md5(microtime().$unique_state);
$output .= pack('H*', md5($unique_state));
|
}
}
| }
}
|
// /dev/urandom and openssl will always be twice as long as $count. base64_encode will roughly take up 33% more space but crc32 will put it to 32 characters
$output = hexdec(substr(dechex(crc32(base64_encode($output))), 0, $count));
| // /dev/urandom and openssl will always be twice as long as $count. base64_encode will roughly take up 33% more space but crc32 will put it to 32 characters
$output = hexdec(substr(dechex(crc32(base64_encode($output))), 0, $count));
|
| Zeile 5632 | Zeile 5618 |
|---|
function my_rand($min=null, $max=null, $force_seed=false)
{
static $seeded = false;
|
function my_rand($min=null, $max=null, $force_seed=false)
{
static $seeded = false;
|
| static $obfuscator = 0;
|
if($seeded == false || $force_seed == true)
|
if($seeded == false || $force_seed == true)
|
{
| {
|
mt_srand(secure_seed_rng());
$seeded = true;
|
mt_srand(secure_seed_rng());
$seeded = true;
|
| |
$obfuscator = abs((int) secure_seed_rng());
// Ensure that $obfuscator is <= mt_getrandmax() for 64 bit systems.
if($obfuscator > mt_getrandmax())
{
$obfuscator -= mt_getrandmax();
}
|
}
|
}
|
|
|
if($min !== null && $max !== null)
{
|
if($min !== null && $max !== null)
{
|
return mt_rand($min, $max);
| $distance = $max - $min;
if ($distance > 0)
{
return $min + (int)((float)($distance + 1) * (float)(mt_rand() ^ $obfuscator) / (mt_getrandmax() + 1));
}
else
{
return mt_rand($min, $max);
}
|
}
else
{
|
}
else
{
|
return mt_rand();
| $val = mt_rand() ^ $obfuscator;
return $val;
|
}
}
| }
}
|