Online PHP editor | refs for NvJnV

<?php if (!function_exists('random_bytes')) { /** * PHP 5.2.0 - 5.6.x way to implement random_bytes() * * In order of preference: * 1. mcrypt_create_iv($bytes, MCRYPT_CREATE_IV) * 2. fread() /dev/arandom if available * 3. fread() /dev/urandom if available * 4. COM('CAPICOM.Utilities.1')->GetRandom() * 5. openssl_random_pseudo_bytes() */ if (function_exists('mcrypt_create_iv') && version_compare(PHP_VERSION, '5.3.7') >= 0) { /** * Powered by ext/mcrypt * * @param int $bytes * @return string */ function random_bytes($bytes) { if (!is_int($bytes)) { throw new Exception( 'Length must be an integer' ); } if ($bytes < 1) { throw new Exception( 'Length must be greater than 0' ); } // See PHP bug #55169 for why 5.3.7 is required $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM); if ($buf !== false) { if (RandomCompat_strlen($buf) === $bytes) { return $buf; } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (!ini_get('open_basedir') && (is_readable('/dev/arandom') || is_readable('/dev/urandom'))) { /** * Use /dev/arandom or /dev/urandom for random numbers * * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers * * @param int $bytes * @return string */ function random_bytes($bytes) { static $fp = null; if ($fp === null) { if (is_readable('/dev/arandom')) { $fp = fopen('/dev/arandom', 'rb'); } else { $fp = fopen('/dev/urandom', 'rb'); } } if ($fp !== false) { $streamset = stream_set_read_buffer($fp, 0); if ($streamset === 0) { $remaining = $bytes; $buf = ''; do { $read = fread($fp, $remaining); if ($read === false) { // We cannot safely read from urandom. $buf = false; break; } // Decrease the number of bytes returned from remaining $remaining -= RandomCompat_strlen($read); $buf .= $read; } while ($remaining > 0); if ($buf !== false) { if (RandomCompat_strlen($buf) === $bytes) { /** * Return our random entropy buffer here: */ return $buf; } } } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (extension_loaded('com_dotnet')) { /** * Windows with PHP < 5.3.0 will not have the function * openssl_random_pseudo_bytes() available, so let's use * CAPICOM to work around this deficiency. * * @param int $bytes * @return string */ function random_bytes($bytes) { $buf = ''; $util = new COM('CAPICOM.Utilities.1'); $execCount = 0; /** * Let's not let it loop forever. If we run N times and fail to * get N bytes of random data, then CAPICOM has failed us. */ do { $buf .= base64_decode($util->GetRandom($bytes, 0)); if (RandomCompat_strlen($buf) >= $bytes) { return RandomCompat_substr($buf, 0, $bytes); } ++$execCount; } while ($execCount < $bytes); /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } elseif (function_exists('openssl_random_pseudo_bytes')) { /** * Since openssl_random_pseudo_bytes() uses openssl's * RAND_pseudo_bytes() API, which has been marked as deprecated by the * OpenSSL team, this is our last resort before failure. * * @ref https://www.openssl.org/docs/crypto/RAND_bytes.html * * @param int $bytes * @return string */ function random_bytes($bytes) { $secure = true; $buf = openssl_random_pseudo_bytes($bytes, $secure); if ($buf !== false && $secure) { if (RandomCompat_strlen($buf) === $bytes) { return $buf; } } /** * If we reach here, PHP has failed us. */ throw new Exception( 'PHP failed to generate random data.' ); } } else { /** * We don't have any more options, so let's throw an exception right now */ throw new Exception( 'There is no suitable CSPRNG installed on your system' ); } } if (!function_exists('RandomCompat_strlen')) { if (function_exists('mb_substr')) { /** * strlen() implementation that isn't brittle to mbstring.func_overload * * This version uses mb_strlen() in '8bit' mode to treat strings as raw * binary rather than UTF-8, ISO-8859-1, etc * * @param string $binary_string * * @return int */ function RandomCompat_strlen($binary_string) { if (!is_string($binary_string)) { throw new InvalidArgumentException( 'RandomCompat_strlen() expects a string' ); } return mb_strlen($binary_string, '8bit'); } } else { /** * strlen() implementation that isn't brittle to mbstring.func_overload * * This version just used the default strlen() * * @param string $binary_string * * @return int */ function RandomCompat_strlen($binary_string) { if (!is_string($binary_string)) { throw new InvalidArgumentException( 'RandomCompat_strlen() expects a string' ); } return strlen($binary_string); } } } if (!function_exists('RandomCompat_substr')) { if (function_exists('mb_substr')) { /** * substr() implementation that isn't brittle to mbstring.func_overload * * This version uses mb_substr() in '8bit' mode to treat strings as raw * binary rather than UTF-8, ISO-8859-1, etc * * @param string $binary_string * @param int $start * @param int $length (optional) * * @return string */ function RandomCompat_substr($binary_string, $start, $length = null) { if (!is_string($binary_string)) { throw new InvalidArgumentException( 'RandomCompat_substr(): First argument should be a string' ); } if (!is_int($start)) { throw new InvalidArgumentException( 'RandomCompat_substr(): Second argument should be an integer' ); } if ($length === null) { /** * mb_substr($str, 0, NULL, '8bit') returns an empty string on * PHP 5.3, so we have to find the length ourselves. */ $length = RandomCompat_strlen($length) - $start; } elseif (!is_int($length)) { throw new InvalidArgumentException( 'RandomCompat_substr(): Third argument should be an integer, or omitted' ); } return mb_substr($binary_string, $start, $length, '8bit'); } } else { /** * substr() implementation that isn't brittle to mbstring.func_overload * * This version just used the default substr() * * @param string $binary_string * @param int $start * @param int $length (optional) * * @return string */ function RandomCompat_substr($binary_string, $start, $length = null) { if (!is_string($binary_string)) { throw new InvalidArgumentException( 'RandomCompat_substr(): First argument should be a string' ); } if (!is_int($start)) { throw new InvalidArgumentException( 'RandomCompat_substr(): Second argument should be an integer' ); } if ($length !== null) { if (!is_int($length)) { throw new InvalidArgumentException( 'RandomCompat_substr(): Third argument should be an integer, or omitted' ); } return substr($binary_string, $start, $length); } return substr($binary_string, $start); } } } var_dump( implode('-', [ bin2hex(random_bytes(4)), bin2hex(random_bytes(2)), bin2hex(\chr((\ord(random_bytes(1)) & 0x0F) | 0x40)) . bin2hex(random_bytes(1)), bin2hex(\chr((\ord(random_bytes(1)) & 0x3F) | 0x80)) . bin2hex(random_bytes(1)), bin2hex(random_bytes(12)) ]) );