<?php
/**
* OWASP Enterprise Security API (ESAPI)
*
* This file is part of the Open Web Application Security Project (OWASP)
* Enterprise Security API (ESAPI) project. For details, please see
* <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a>.
*
* Copyright (c) 2009 The OWASP Foundation
*
* The ESAPI is published by OWASP under the BSD license. You should read and accept the
* LICENSE before you use, modify, and/or redistribute this software.
*
* @author Andrew van der Stock
* @created 2009
* @since 1.6
* @package ESAPI_Reference
*/
require_once dirname(__FILE__) . '/../src/Randomizer.php';
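class Randomizer_impl implements Randomizer
{
    /**
     * Largest value mt_rand() can return. Used as the upper bound of
     * getRandomLong() and as the divisor in getRandomReal().
     */
    private $maxRand;

    public function __construct()
    {
        $this->maxRand = mt_getrandmax();
    }

    /**
     * Draws one integer uniformly from the inclusive range [$min, $max].
     *
     * Every public method of this class takes its randomness from here, so
     * the choice of generator is made in exactly one place.
     *
     * @param int $min lowest value that may be returned
     * @param int $max highest value that may be returned
     *
     * @return int the random integer
     */
    private function drawInt($min, $max)
    {
        // random_int() (PHP 7+) is backed by the operating system CSPRNG.
        if (function_exists('random_int')) {
            return random_int($min, $max);
        }

        // NOTE(security): fallback for runtimes older than PHP 7 only.
        // mt_rand() is a Mersenne Twister: fast and well distributed, but not
        // cryptographically secure. On such a runtime nothing this class
        // returns should be used as a session id, token, password, key or
        // "unguessable" filename.
        return mt_rand($min, $max);
    }

    /**
     * Gets a random string of the desired length, built from the given
     * character set.
     *
     * The character set is indexed byte by byte, so it should contain
     * single-byte characters only; a multi-byte character would be split.
     *
     * @param int    $numChars the length of the string, at least 1
     * @param string $charset  the characters to choose from, at least 2 bytes
     *
     * @return string the random string of the desired length and character set
     *
     * @throws InvalidArgumentException if $numChars is below 1 or $charset is
     *                                  shorter than 2 bytes
     */
    public function getRandomString($numChars, $charset)
    {
        $charsetLength = strlen($charset);
        if ($numChars < 1 || $charsetLength < 2) {
            throw new InvalidArgumentException(
                'getRandomString() needs a length of at least 1 and a character set of at least 2 characters'
            );
        }

        $lastIndex = $charsetLength - 1;
        $result = '';
        for ($i = 0; $i < $numChars; $i++) {
            $result .= $charset[$this->drawInt(0, $lastIndex)];
        }

        return $result;
    }

    /**
     * Returns a random boolean.
     *
     * @return bool true or false, each with equal probability
     */
    public function getRandomBoolean()
    {
        // A draw from 0..100 has 51 even and 50 odd values, so testing its
        // parity is slightly biased. A single 0/1 draw is not.
        return $this->drawInt(0, 1) === 1;
    }

    /**
     * Gets a random integer in the inclusive range [$min, $max].
     *
     * @param int $min the minimum integer that will be returned
     * @param int $max the maximum integer that will be returned
     *
     * @return int the random integer
     */
    public function getRandomInteger($min, $max)
    {
        return $this->drawInt($min, $max);
    }

    /**
     * Gets a random non-negative integer between 0 and mt_getrandmax().
     *
     * The upper bound is kept at mt_getrandmax() so the range is the same as
     * that of a bare mt_rand() call.
     *
     * @return int the random long
     */
    public function getRandomLong()
    {
        return $this->drawInt(0, $this->maxRand);
    }

    /**
     * Returns a random filename with the specified extension.
     *
     * The name is 16 characters drawn from lowercase letters and digits
     * (36 symbols, roughly 82 bits when the generator is a CSPRNG). The
     * extension is appended exactly as given: no "." is inserted and the
     * value is not validated, so the caller must pass the leading dot and
     * must not pass an extension taken from untrusted input unchecked.
     *
     * @param string $extension text to append to the random name, e.g. ".tmp"
     *
     * @return string a random filename ending with the specified extension
     */
    public function getRandomFilename($extension = '')
    {
        // PHP runs on case-insensitive as well as case-sensitive filesystems,
        // so only lowercase letters are used. The alphabet is complete: the
        // earlier literal had dropped the letter "w".
        $name = $this->getRandomString(16, 'abcdefghijklmnopqrstuvwxyz0123456789');

        return $name . $extension;
    }

    /**
     * Gets a random real number in the inclusive range [$min, $max].
     *
     * The value is one integer draw scaled into the range, so at most
     * mt_getrandmax() + 1 distinct results are possible.
     *
     * @param float $min the minimum real number that will be returned
     * @param float $max the maximum real number that will be returned
     *
     * @return float the random real
     */
    public function getRandomReal($min, $max)
    {
        // Fraction in [0, 1] built from the full integer range.
        $fraction = (float) ($this->drawInt(0, $this->maxRand) / $this->maxRand);
        $span = $max - $min;

        return (float) ($fraction * $span + $min);
    }

    /**
     * Generates a random (version 4) GUID: 32 lowercase hex digits grouped
     * 8-4-4-4-12.
     *
     * The version nibble is fixed to 4 and the two variant bits to binary 10,
     * as RFC 4122 requires for random UUIDs; the other 122 bits are random.
     * The value is only as unpredictable as the generator behind it.
     *
     * @return string the GUID
     */
    public function getRandomGUID()
    {
        return sprintf(
            '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
            // 32 bits for "time_low"
            $this->drawInt(0, 0xffff),
            $this->drawInt(0, 0xffff),
            // 16 bits for "time_mid"
            $this->drawInt(0, 0xffff),
            // "time_hi_and_version": 12 random bits under the version nibble 0100.
            // The bare 0..4095 draw used before left that nibble at 0.
            $this->drawInt(0, 0x0fff) | 0x4000,
            // "clk_seq_hi_res" + "clk_seq_low": 14 random bits under the variant
            // bits 10, so the first hex digit of this group is 8, 9, a or b.
            $this->drawInt(0, 0x3fff) | 0x8000,
            // 48 bits for "node"
            $this->drawInt(0, 0xffff),
            $this->drawInt(0, 0xffff),
            $this->drawInt(0, 0xffff)
        );
    }
}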
?>