/** * Generate a UNIQUE string for a given file path to use as the identifier for the file * The string returned should be 32 characters in length * @param string $p_filepath File path. * @return string */ function file_generate_unique_name($p_filepath) { do { $t_string = md5(crypto_generate_random_string(32, false)); } while (!diskfile_is_name_unique($t_string, $p_filepath)); return $t_string; }
</span> <?php } else { ?> Updating Configuration File (config/config_inc.php)<br /> <?php } ?> </td> <?php # Generating the config_inc.php file # Automatically generate a strong master salt/nonce for MantisBT # cryptographic purposes. If a strong source of randomness is not # available the user will have to manually set this value post # installation. $t_crypto_master_salt = crypto_generate_random_string(32); if ($t_crypto_master_salt !== null) { $t_crypto_master_salt = base64_encode($t_crypto_master_salt); } $t_config = '<?php' . PHP_EOL . '$g_hostname = \'' . $f_hostname . '\';' . PHP_EOL . '$g_db_type = \'' . $f_db_type . '\';' . PHP_EOL . '$g_database_name = \'' . addslashes($f_database_name) . '\';' . PHP_EOL . '$g_db_username = \'' . addslashes($f_db_username) . '\';' . PHP_EOL . '$g_db_password = \'' . addslashes($f_db_password) . '\';' . PHP_EOL; switch ($f_db_type) { case 'db2': $t_config .= '$g_db_schema = \'' . $f_db_schema . '\';' . PHP_EOL; break; default: break; } $t_config .= PHP_EOL; # Add lines for table prefix/suffix if different from default $t_insert_line = false; foreach ($t_prefix_defaults['other'] as $t_key => $t_value) {
/** * Generate a nonce encoded using the base64 with URI safe alphabet approach * described in RFC4648. Note that the minimum length is rounded up to the next * number with a factor of 4 so that padding is never added to the end of the * base64 output. This means the '=' padding character is never present in the * output. Due to the reduced character set of base64 encoding, the actual * amount of entropy produced by this function for a given output string length * is 3/4 (0.75) that of raw unencoded output produced with the * crypto_generate_strong_random_string( $p_bytes ) function. * @param integer $p_minimum_length Minimum number of characters required for the nonce. * @return string Nonce encoded according to the base64 with URI safe alphabet approach described in RFC4648 */ function crypto_generate_uri_safe_nonce($p_minimum_length) { $t_length_mod4 = $p_minimum_length % 4; $t_adjusted_length = $p_minimum_length + 4 - ($t_length_mod4 ? $t_length_mod4 : 4); $t_raw_bytes_required = $t_adjusted_length / 4 * 3; if (!is_windows_server()) { $t_random_bytes = crypto_generate_strong_random_string($t_raw_bytes_required); } else { # It's currently not possible to generate strong random numbers # with PHP on Windows so we have to resort to using PHP's # built-in insecure PRNG. $t_random_bytes = crypto_generate_random_string($t_raw_bytes_required, false); } $t_base64_encoded = base64_encode($t_random_bytes); # Note: no need to translate trailing = padding characters because our # length rounding ensures that padding is never required. $t_random_nonce = strtr($t_base64_encoded, '+/', '-_'); return $t_random_nonce; }