*/
private $extraSalt = "";
+ /**
+ * Fixed salt for secured hashing
+ */
+ private $fixedSalt = "";
+
/**
* Maximum length for random string
*/
if ($this->getConfigInstance()->readConfig('is_single_server') == "Y") {
// Then use that IP for extra security
$serverIp = getenv('SERVER_ADDR');
- }
+ } // END - if
+
+ // Yet-another fixed salt. This is not dependend on server software or date
+ $this->fixedSalt = sha1($serverIp . ":" . serialize($this->getDatabaseInstance()->getConnectionData()));
// One-way data we need for "extra-salting" the random number
/* @TODO Add site key for stronger salt! */
- $this->extraSalt = sha1($serverIp . ":" . getenv('SERVER_SOFTWARE') . ":" . $this->getConfigInstance()->readConfig('date_key') . ":" . serialize($this->getDatabaseInstance()->getConnectionData()));
+ $this->extraSalt = sha1($this->fixedSalt . ":" . getenv('SERVER_SOFTWARE') . ":" . $this->getConfigInstance()->readConfig('date_key'));
// Get config entry for max salt length
$this->rndStrLen = $this->getConfigInstance()->readConfig('rnd_str_length');
$randomString .= chr($this->randomNumnber(0, 255));
}
- // Return the random string mixed up
+ // Return the random string a little mixed up
return str_shuffle($randomString);
}
* @return $num Pseudo-random number
*/
public function randomNumnber ($min, $max) {
- /* @TODO I had a better random number generator here */
+ /* @TODO I had a better random number generator here but now it is somewhere lost :( */
return mt_rand($min, $max);
}
public final function getExtraSalt () {
return $this->extraSalt;
}
+
+ /**
+ * Getter for fixed salt
+ *
+ * @return $fixedSalt
+ */
+ public final function getFixedSalt () {
+ return $this->fixedSalt;
+ }
}
// [EOF]