getRandomString() public method

Uses supplied character list for generating the new string. If no character list provided - uses Base64 URL character set.
See also: https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
public getRandomString ( integer $length, string | null $chars = null ) : string
$length integer Desired length of the string
$chars string | null Characters to be chosen from randomly. If not given, the Base64 URL charset will be used.
return string The random string
Esempio n. 1
0
/**
 * Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
 *
 * Used during installation and saves as a datalist.
 *
 * Note: Old secrets were hex encoded.
 *
 * @return mixed The site secret hash or false
 * @access private
 * @todo Move to better file.
 */
function init_site_secret()
{
    $secret = 'z' . ElggCrypto::getRandomString(31);
    if (datalist_set('__site_secret__', $secret)) {
        return $secret;
    }
    return FALSE;
}
Esempio n. 2
0
/**
 * Generate an 8 character Base64 URL salt for the password
 *
 * @return string
 * @access private
 */
function _elgg_generate_password_salt()
{
    return ElggCrypto::getRandomString(8);
}
Esempio n. 3
0
/**
 * Initialises the system session and potentially logs the user in
 *
 * This function looks for:
 *
 * 1. $_SESSION['id'] - if not present, we're logged out, and this is set to 0
 * 2. The cookie 'elggperm' - if present, checks it for an authentication
 * token, validates it, and potentially logs the user in
 *
 * @uses $_SESSION
 *
 * @return bool
 * @access private
 */
function _elgg_session_boot()
{
    global $DB_PREFIX, $CONFIG;
    // Use database for sessions
    // HACK to allow access to prefix after object destruction
    $DB_PREFIX = $CONFIG->dbprefix;
    if (!isset($CONFIG->use_file_sessions)) {
        session_set_save_handler("_elgg_session_open", "_elgg_session_close", "_elgg_session_read", "_elgg_session_write", "_elgg_session_destroy", "_elgg_session_gc");
    }
    session_name('Elgg');
    session_start();
    // Generate a simple token (private from potentially public session id)
    if (!isset($_SESSION['__elgg_session'])) {
        $_SESSION['__elgg_session'] = ElggCrypto::getRandomString(32, ElggCrypto::CHARS_HEX);
    }
    // test whether we have a user session
    if (empty($_SESSION['guid'])) {
        // clear session variables before checking cookie
        unset($_SESSION['user']);
        unset($_SESSION['id']);
        unset($_SESSION['guid']);
        unset($_SESSION['code']);
        // is there a remember me cookie
        if (!empty($_COOKIE['elggperm'])) {
            // we have a cookie, so try to log the user in
            $code = $_COOKIE['elggperm'];
            $code = md5($code);
            if ($user = get_user_by_code($code)) {
                // we have a user, log him in
                $_SESSION['user'] = $user;
                $_SESSION['id'] = $user->getGUID();
                $_SESSION['guid'] = $_SESSION['id'];
                $_SESSION['code'] = $_COOKIE['elggperm'];
            } else {
                if (_elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                    // may be attempt to brute force legacy low-entropy codes
                    sleep(1);
                }
                setcookie("elggperm", "", time() - 86400 * 30, "/");
            }
        }
    } else {
        // we have a session and we have already checked the fingerprint
        // reload the user object from database in case it has changed during the session
        if ($user = get_user($_SESSION['guid'])) {
            $_SESSION['user'] = $user;
            $_SESSION['id'] = $user->getGUID();
            $_SESSION['guid'] = $_SESSION['id'];
        } else {
            // user must have been deleted with a session active
            unset($_SESSION['user']);
            unset($_SESSION['id']);
            unset($_SESSION['guid']);
            unset($_SESSION['code']);
            if (!empty($_COOKIE['elggperm']) && _elgg_is_legacy_remember_me_token($_COOKIE['elggperm'])) {
                // replace user's old weaker-entropy code with new one
                $code = _elgg_generate_remember_me_token();
                $_SESSION['code'] = $code;
                $user->code = md5($code);
                $user->save();
                setcookie("elggperm", $code, time() + 86400 * 30, "/");
            }
        }
    }
    if (isset($_SESSION['guid'])) {
        set_last_action($_SESSION['guid']);
    }
    elgg_register_action('login', '', 'public');
    elgg_register_action('logout');
    // Register a default PAM handler
    register_pam_handler('pam_auth_userpass');
    // Initialise the magic session
    global $SESSION;
    $SESSION = new ElggSession();
    // Finally we ensure that a user who has been banned with an open session is kicked.
    if (isset($_SESSION['user']) && $_SESSION['user']->isBanned()) {
        session_destroy();
        return false;
    }
    return true;
}