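/**
 * Encrypts a string using the specified key. Caches the result so that
 * expensive encryption does not need to happen more often than necessary.
 *
 * Output format: '$' followed by the 16-byte IV as unpadded base64 (always
 * 22 characters) and then the base64-encoded ciphertext. The result is cached
 * per plaintext for the lifetime of the process, so repeated calls with the
 * same string return the same IV and ciphertext.
 *
 * @static
 * @param string $string
 *   Plaintext to encrypt.
 * @return string
 *   The encoded IV and ciphertext.
 * @throws \RuntimeException
 *   If openssl_encrypt() fails. Previously a failure produced a token holding
 *   only the IV and an empty ciphertext, which callers could not detect.
 */
public static function encrypt($string) {
  if (!isset(self::$encryptedStrings)) {
    self::$encryptedStrings = array();
  }
  if (!array_key_exists($string, self::$encryptedStrings)) {
    // A fresh 16-byte IV per plaintext; AES-CBC uses a 128-bit IV.
    $iv = drupal_random_bytes(16);
    // 16 bytes always base64-encode to 24 chars with 2 padding chars, so the
    // unpadded IV is guaranteed to be 22 chars long.
    $iv_base64 = rtrim(base64_encode($iv), '=');
    // OPENSSL_RAW_DATA (1) returns raw bytes rather than base64; the encoding
    // is done below so the IV and ciphertext can be concatenated.
    $encrypted = openssl_encrypt($string, 'aes-256-cbc', self::$cryptoKey, OPENSSL_RAW_DATA, $iv);
    if ($encrypted === FALSE) {
      throw new \RuntimeException('openssl_encrypt() failed: ' . openssl_error_string());
    }
    self::$encryptedStrings[$string] = '$' . $iv_base64 . base64_encode($encrypted);
  }
  return self::$encryptedStrings[$string];
}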
/**
 * Registers the callable that performs the "full" bootstrap phase.
 *
 * The closure loads the remaining core include files, normalises string
 * handling and request input, loads all enabled modules, registers stream
 * wrappers, reseeds mt_rand() and initialises the path system. The statement
 * order follows the bootstrap sequence and should be preserved.
 *
 * @param \Drufony\Bridge\Event\GetCallableForPhase $event
 *   The event whose callable is set to the bootstrap closure.
 */
public function onBootstrapFull(GetCallableForPhase $event) {
  $event->setCallable(function () {
    require_once DRUPAL_ROOT . '/includes/common.inc';
    // path.inc and menu.inc can be replaced via the 'path_inc' / 'menu_inc'
    // variables, so their locations are looked up rather than hard-coded.
    require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
    require_once DRUPAL_ROOT . '/includes/theme.inc';
    require_once DRUPAL_ROOT . '/includes/pager.inc';
    require_once DRUPAL_ROOT . '/' . variable_get('menu_inc', 'includes/menu.inc');
    require_once DRUPAL_ROOT . '/includes/tablesort.inc';
    require_once DRUPAL_ROOT . '/includes/file.inc';
    require_once DRUPAL_ROOT . '/includes/unicode.inc';
    require_once DRUPAL_ROOT . '/includes/image.inc';
    require_once DRUPAL_ROOT . '/includes/form.inc';
    require_once DRUPAL_ROOT . '/includes/mail.inc';
    require_once DRUPAL_ROOT . '/includes/actions.inc';
    require_once DRUPAL_ROOT . '/includes/ajax.inc';
    require_once DRUPAL_ROOT . '/includes/token.inc';
    require_once DRUPAL_ROOT . '/includes/errors.inc';

    // Detect string handling method.
    unicode_check();
    // Undo magic quotes.
    fix_gpc_magic();
    // Load all enabled modules.
    module_load_all();
    // Make sure all stream wrappers are registered.
    file_get_stream_wrappers();

    // Ensure mt_rand is reseeded, to prevent random values from one page load
    // being exploited to predict random values in subsequent page loads.
    // 4 random bytes are unpacked as an unsigned 32-bit integer for the seed.
    $seed = unpack("L", drupal_random_bytes(4));
    mt_srand($seed[1]);

    // Reference assignment so the global is created if it does not exist yet.
    $test_info =& $GLOBALS['drupal_test_info'];
    if (!empty($test_info['in_child_site'])) {
      // Running inside the simpletest child site, log fatal errors to test
      // specific file directory. NOTE(review): public:// is normally the
      // web-served files directory; this is only acceptable because the
      // branch is limited to the test child site.
      ini_set('log_errors', 1);
      ini_set('error_log', 'public://error.log');
    }

    // Initialize $_GET['q'] prior to invoking hook_init().
    drupal_path_initialize();

    // Remaining function calls from this phase of bootstrap must happen after
    // the user is authenticated because they initialize the theme and call
    // menu_get_item().
  });
}
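/**
 * Implements AcsfEventHandler::handle().
 *
 * Clears per-site cron state and secrets and resets file-path variables so
 * that a freshly scrubbed site does not inherit them from its source.
 */
public function handle() {
  drush_print(dt('Entered @class', array('@class' => get_class($this))));

  // Cron bookkeeping and the private key must not survive the scrub; the cron
  // key is replaced with a fresh random value rather than merely deleted.
  variable_del('cron_last');
  variable_del('cron_semaphore');
  variable_del('node_cron_last');
  variable_del('drupal_private_key');
  variable_set('cron_key', drupal_hash_base64(drupal_random_bytes(55)));

  // Ensure Drupal filesystem related configuration variables are correct for
  // the new site. Consider the following variables:
  // - file_directory_path
  // - file_directory_temp
  // - file_private_path
  // - file_temporary_path
  // Given the AH environment for Gardens, we want to leave the temp paths
  // alone, and we want to delete the other variables, to ensure they reset to
  // their defaults (because of scarecrow, these shouldn't exist in the
  // variable table anyway).
  $file_path_variables = array('file_directory_path', 'file_private_path');
  foreach ($file_path_variables as $variable) {
    variable_del($variable);
  }
}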
/**
 * Normalizes a solr base url in place and builds an HMAC authenticator cookie.
 *
 * @param $url
 *   The solr url being requested. Passed by reference; rewritten with the
 *   chosen scheme, host, port, path and query.
 * @param $string
 *   The data to authenticate. When empty (falsy), the url's path and query
 *   are authenticated instead.
 * @param $derived_key
 *   Optional string supplying the derived key.
 *
 * @return
 *   A two-element array: the value for the Cookie request header, and the
 *   nonce that was used.
 *
 * @see acquia_search_auth_cookie
 */
function authCookie(&$url, $string = '', $derived_key = NULL) {
  $parts = parse_url($url);

  // Prefer https whenever the ssl transport is available and development has
  // not explicitly opted out; the port is only preserved for plain http.
  $use_ssl = in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL');
  $scheme = $use_ssl ? 'https://' : 'http://';
  $port = '';
  if (!$use_ssl && isset($parts['port']) && $parts['port'] != 80) {
    $port = ':' . $parts['port'];
  }
  $path = isset($parts['path']) ? $parts['path'] : '/';
  $query = isset($parts['query']) ? '?' . $parts['query'] : '';
  // Rewrite the caller's url with the normalized components.
  $url = $scheme . $parts['host'] . $port . $path . $query;

  // 24 random bytes base64-encode to a 32 character nonce.
  $nonce = base64_encode(drupal_random_bytes(24));
  // Empty $string means "authenticate the request path and query".
  $data = $string ? $string : $path . $query;
  $auth_header = $this->authenticator($data, $nonce, $derived_key);

  return array($auth_header, $nonce);
}
/**
 * Form API submit for install_settings form.
 *
 * Writes the selected database connection, table prefix and a freshly
 * generated hash salt to settings.php, then marks settings as verified and
 * records the last completed install task.
 */
function install_settings_form_submit($form, &$form_state) {
  global $install_state;

  $values = $form_state['values'];
  // Only these connection keys belong in settings.php.
  $connection_keys = array_fill_keys(array('driver', 'database', 'username', 'password', 'host', 'port'), TRUE);
  $connection = array_intersect_key($values['_database'], $connection_keys);

  // Update the global settings array and save it.
  $settings = array(
    'databases' => array(
      'value' => array('default' => array('default' => $connection)),
      'required' => TRUE,
    ),
    'db_prefix' => array(
      'value' => $values['db_prefix'],
      'required' => TRUE,
    ),
    // A new random salt is generated for every installation.
    'drupal_hash_salt' => array(
      'value' => sha1(drupal_random_bytes(64)),
      'required' => TRUE,
    ),
  );
  drupal_rewrite_settings($settings);

  // Indicate that the settings file has been verified, and check the database
  // for the last completed task, now that we have a valid connection. This
  // last step is important since we want to trigger an error if the new
  // database already has Drupal installed.
  $install_state['settings_verified'] = TRUE;
  $install_state['completed_task'] = install_verify_completed_task();
}
/**
 * Generates a random base 64-encoded salt prefixed with settings for the hash.
 *
 * Proper use of salts may defeat a number of attacks, including:
 * - The ability to try candidate passwords against multiple hashes at once.
 * - The ability to use pre-hashed lists of candidate passwords.
 * - The ability to determine whether two users have the same (or different)
 *   password without actually having to guess one of the passwords.
 *
 * @param $count_log2
 *   Integer that determines the number of iterations used in the hashing
 *   process. A larger value is more secure, but takes more time to complete.
 *
 * @return
 *   A 12 character string: the '$S$' marker, one base-64 character encoding
 *   the iteration count, and 8 characters of random salt.
 */
private function _password_generate_salt($count_log2) {
  // Clamp the iteration count to the supported range before encoding it.
  $log2 = $this->_password_enforce_log2_boundaries($count_log2);
  $itoa64 = $this->_password_itoa64();
  $setting = '$S$' . $itoa64[$log2];
  // 6 bytes is the standard salt for a portable phpass hash.
  $salt = $this->_password_base64_encode(drupal_random_bytes(6), 6);
  return $setting . $salt;
}
/**
 * Generates a random base 64-encoded salt prefixed with settings for the hash.
 *
 * Proper use of salts may defeat a number of attacks, including:
 * - The ability to try candidate passwords against multiple hashes at once.
 * - The ability to use pre-hashed lists of candidate passwords.
 * - The ability to determine whether two users have the same (or different)
 *   password without actually having to guess one of the passwords.
 *
 * @param $count_log2
 *   Integer that determines the number of iterations used in the hashing
 *   process. A larger value is more secure, but takes more time to complete.
 *
 * @return
 *   A 12 character string: the '$P$' marker, one base-64 character encoding
 *   the iteration count, and 8 characters of random salt.
 */
function _password_generate_salt($count_log2) {
  // Clamp log2 iterations into [DRUPAL_MIN_HASH_COUNT, DRUPAL_MAX_HASH_COUNT].
  $log2 = min(max($count_log2, DRUPAL_MIN_HASH_COUNT), DRUPAL_MAX_HASH_COUNT);
  // The final log2 iteration count is encoded as a single base 64 character.
  $itoa64 = _password_itoa64();
  $setting = '$P$' . $itoa64[$log2];
  // 6 bytes is the standard salt for a portable phpass hash.
  return $setting . _password_base64_encode(drupal_random_bytes(6), 6);
}
/**
 * Generates a random secret and passes it to setPassword().
 *
 * md5() is used here only to turn 32 random bytes into a 32-character hex
 * string; it is not a password hash. Note that this caps the secret's
 * entropy at 128 bits.
 */
private function generateSecret() {
  $random = drupal_random_bytes(32);
  $secret = md5($random);
  $this->setPassword($secret);
}
/**
 * Builds the Drupal bootstrap container.
 *
 * Requires bootstrap.inc from $values['DRUPAL_ROOT'] so the DRUPAL_BOOTSTRAP_*
 * constants exist, hands $values to the parent, then registers one shared
 * closure per bootstrap phase handled here (CONFIGURATION, PAGE_CACHE, an
 * extension of VARIABLES, PAGE_HEADER and FULL). DATABASE and SESSION come
 * from the parent class; no closure is registered for LANGUAGE here.
 *
 * @param array $values
 *   Container parameters; must contain 'DRUPAL_ROOT'.
 */
public function __construct(array $values = array()) {
  // If this bootstrap object is used in a service, bootstrap.inc may
  // not have been included yet. If the file is not included, the
  // Drupal bootstrap constants are not available.
  require_once $values['DRUPAL_ROOT'] . '/includes/bootstrap.inc';
  parent::__construct($values);

  /**
   * Sets up the script environment and loads settings.php.
   *
   * @see _drupal_bootstrap_configuration()
   */
  $this[DRUPAL_BOOTSTRAP_CONFIGURATION] = $this->share(function () {
    // Start a page timer:
    timer_start('page');

    // Initialize the configuration, including variables from settings.php.
    // The following inlines the work of drupal_settings_initialize().
    global $base_url, $base_path, $base_root;
    // Export these settings.php variables to the global namespace.
    global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $db_prefix, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url;
    $conf = array();
    if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) {
      include_once DRUPAL_ROOT . '/' . conf_path() . '/settings.php';
    }
    $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
    if (isset($base_url)) {
      // Parse fixed base URL from settings.php.
      $parts = parse_url($base_url);
      if (!isset($parts['path'])) {
        $parts['path'] = '';
      }
      $base_path = $parts['path'] . '/';
      // Build $base_root (everything until first slash after "scheme://").
      $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
    }
    else {
      // Create base URL.
      // NOTE(review): HTTP_HOST is supplied by the client and nothing in this
      // closure validates it; confirm the parent/core bootstrap rejects
      // invalid hosts, or pin $base_url in settings.php.
      $http_protocol = $is_https ? 'https' : 'http';
      $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];
      $base_url = $base_root;
      // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
      // be modified by a visitor.
      if ($dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\\/')) {
        $base_path = $dir;
        $base_url .= $base_path;
        $base_path .= '/';
      }
      else {
        $base_path = '/';
      }
    }
    $base_secure_url = str_replace('http://', 'https://', $base_url);
    $base_insecure_url = str_replace('https://', 'http://', $base_url);
    // We do not mess with cookie or session settings in Drupal at all.
  });

  // DRUPAL_BOOTSTRAP_PAGE_CACHE only loads the cache handler.
  $this[DRUPAL_BOOTSTRAP_PAGE_CACHE] = $this->share(function () {
    // Allow specifying special cache handlers in settings.php, like
    // using memcached or files for storing cache information.
    require_once DRUPAL_ROOT . '/includes/cache.inc';
    foreach (variable_get('cache_backends', array()) as $include) {
      require_once DRUPAL_ROOT . '/' . $include;
    }
  });

  // DRUPAL_BOOTSTRAP_DATABASE - in parent class.

  // Extend the parent's variables phase: when a Symfony service container is
  // exposed via $GLOBALS['service_container'], copy selected container
  // parameters into $GLOBALS['conf'].
  $this[DRUPAL_BOOTSTRAP_VARIABLES] = $this->share($this->extend(DRUPAL_BOOTSTRAP_VARIABLES, function () {
    if (isset($GLOBALS['service_container']) && is_a($GLOBALS['service_container'], 'Symfony\\Component\\DependencyInjection\\ContainerInterface')) {
      /** @var \Symfony\Component\DependencyInjection\ContainerInterface $container */
      $container = $GLOBALS['service_container'];
      $GLOBALS['conf']['session_inc'] = $container->getParameter('bangpound_drupal.conf.session_inc');
      $GLOBALS['conf']['mail_system']['default-system'] = $container->getParameter('bangpound_drupal.conf.mail_system.default_system');
    }
  }));

  // DRUPAL_BOOTSTRAP_SESSION - in base class.

  $this[DRUPAL_BOOTSTRAP_PAGE_HEADER] = $this->share(function () {
    // Invoke hook_boot() implementations.
    bootstrap_invoke_all('boot');
  });

  // DRUPAL_BOOTSTRAP_LANGUAGE - no override registered here.

  // The full phase: remaining includes, module loading and path setup. The
  // statement order follows the bootstrap sequence and should be preserved.
  $this[DRUPAL_BOOTSTRAP_FULL] = $this->share(function () {
    require_once DRUPAL_ROOT . '/includes/common.inc';
    // path.inc and menu.inc can be replaced via the 'path_inc' / 'menu_inc'
    // variables, so their locations are looked up rather than hard-coded.
    require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
    require_once DRUPAL_ROOT . '/includes/theme.inc';
    require_once DRUPAL_ROOT . '/includes/pager.inc';
    require_once DRUPAL_ROOT . '/' . variable_get('menu_inc', 'includes/menu.inc');
    require_once DRUPAL_ROOT . '/includes/tablesort.inc';
    require_once DRUPAL_ROOT . '/includes/file.inc';
    require_once DRUPAL_ROOT . '/includes/unicode.inc';
    require_once DRUPAL_ROOT . '/includes/image.inc';
    require_once DRUPAL_ROOT . '/includes/form.inc';
    require_once DRUPAL_ROOT . '/includes/mail.inc';
    require_once DRUPAL_ROOT . '/includes/actions.inc';
    require_once DRUPAL_ROOT . '/includes/ajax.inc';
    require_once DRUPAL_ROOT . '/includes/token.inc';
    require_once DRUPAL_ROOT . '/includes/errors.inc';

    // Detect string handling method.
    unicode_check();
    // Undo magic quotes.
    fix_gpc_magic();
    // Load all enabled modules.
    module_load_all();
    // Make sure all stream wrappers are registered.
    file_get_stream_wrappers();

    // Ensure mt_rand is reseeded, to prevent random values from one page load
    // being exploited to predict random values in subsequent page loads.
    // 4 random bytes are unpacked as an unsigned 32-bit integer for the seed.
    $seed = unpack("L", drupal_random_bytes(4));
    mt_srand($seed[1]);

    // Reference assignment so the global is created if it does not exist yet.
    $test_info =& $GLOBALS['drupal_test_info'];
    if (!empty($test_info['in_child_site'])) {
      // Running inside the simpletest child site, log fatal errors to test
      // specific file directory. NOTE(review): public:// is normally the
      // web-served files directory; this is only acceptable because the
      // branch is limited to the test child site.
      ini_set('log_errors', 1);
      ini_set('error_log', 'public://error.log');
    }

    // Initialize $_GET['q'] prior to invoking hook_init().
    drupal_path_initialize();

    // Remaining function calls from this phase of bootstrap must happen after
    // the user is authenticated because they initialize the theme and call
    // menu_get_item().
  });
}