0001435: Generate random string at install

Index: install.php =================================================================== --- install.php (revision 15648) +++ install.php (working copy) @@ -668,6 +668,8 @@ // for now we set "In-Portal" module version to "Core" module version (during clean install) $this->toolkit->SetModuleVersion('In-Portal', 'core/'); + + $this->toolkit->generateRandomString(); } break; Index: install/english.lang =================================================================== --- install/english.lang (revision 15648) +++ install/english.lang (working copy) @@ -193,6 +193,7 @@ <PHRASE Label="la_config_PathToWebsite" Module="Core" Type="1">UGF0aCB0byBXZWJzaXRl</PHRASE> <PHRASE Label="la_config_PerformExactSearch" Module="Core" Type="1" Hint="U2VhcmNoIGZvciBhbGwgZW50ZXJlZCBrZXl3b3JkcywgaW5zdGVhZCBvZiBhbnkgb25lIG9mIHRoZW0=">UGVyZm9ybSBFeGFjdCBTZWFyY2g=</PHRASE> <PHRASE Label="la_config_PerpageReviews" Module="Core" Type="1">Q29tbWVudHMgcGVyIHBhZ2U=</PHRASE> + <PHRASE Label="la_config_RandomString" Module="Core" Type="1">UmFuZG9tIFN0cmluZw==</PHRASE> <PHRASE Label="la_config_RecycleBinFolder" Module="Core" Type="1">IlJlY3ljbGUgQmluIiBTZWN0aW9uSWQ=</PHRASE> <PHRASE Label="la_config_RegistrationUsernameRequired" Module="Core" Type="1">VXNlcm5hbWUgUmVxdWlyZWQgRHVyaW5nIFJlZ2lzdHJhdGlvbg==</PHRASE> <PHRASE Label="la_config_RememberLastAdminTemplate" Module="Core" Type="1">UmVzdG9yZSBsYXN0IHZpc2l0ZWQgQWRtaW4gU2VjdGlvbiBhZnRlciBMb2dpbg==</PHRASE> Index: install/install_data.sql =================================================================== --- install/install_data.sql (revision 15648) +++ install/install_data.sql (working copy) @@ -97,6 +97,7 @@ INSERT INTO SystemSettings VALUES(DEFAULT, 'Backup_Path', '/home/alex/web/in-portal.rc/system/backupdata', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_backup_path', 'text', '', '', 60.06, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemTagCache', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_syscache_enable', 'checkbox', NULL, NULL, 60.07, 0, 0, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SocketBlockingMode', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_socket_blocking_mode', 'checkbox', NULL, NULL, 60.08, 0, 0, NULL); +INSERT INTO SystemSettings VALUES(DEFAULT, 'RandomString', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_RandomString', 'text', '', '', 60.09, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'EnableEmailLog', '1', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EnableEmailLog', 'radio', NULL, '1=la_Yes||0=la_No', 65.01, 0, 1, 'hint:la_config_EnableEmailLog'); INSERT INTO SystemSettings VALUES(DEFAULT, 'EmailLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EmailLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_EmailLogKeepForever', 65.02, 0, 0, 'hint:la_config_EmailLogRotationInterval'); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_SystemLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_SystemLogKeepForever', 65.03, 0, 1, 'hint:la_config_SystemLogRotationInterval'); Index: install/install_toolkit.php =================================================================== --- install/install_toolkit.php (revision 15648) +++ install/install_toolkit.php (working copy) @@ -1184,4 +1184,26 @@ return $compression_engines; } + + /** + * Generates Random String configuration value + * + * @return void + */ + public function generateRandomString() + { + $table_name = $this->getSystemConfig('Database', 'TablePrefix') . 'SystemSettings'; + $sql = 'SELECT VariableValue + FROM ' . $table_name . ' + WHERE VariableName = "RandomString"'; + $random_string = $this->Conn->GetOne($sql); + $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $random_string ); + $rnd_value .= sha1($rnd_value); + $rnd_value .= sha1($rnd_value . $random_string); + $random_string = md5($random_string . $rnd_value); + $sql = 'UPDATE ' . $table_name . ' + SET VariableValue = ' . $this->Conn->qstr($random_string) . ' + WHERE VariableName = "RandomString"'; + $this->Conn->Query($sql); + } } \ No newline at end of file Index: install/upgrades.php =================================================================== --- install/upgrades.php (revision 15648) +++ install/upgrades.php (working copy) @@ -2303,6 +2303,10 @@ */ public function Upgrade_5_3_0_B1($mode) { + if ($mode == 'after') { + $this->_toolkit->generateRandomString(); + } + if ( $mode != 'before' ) { return; }

Index: install.php =================================================================== --- install.php (revision 15648) +++ install.php (working copy) @@ -1052,6 +1052,17 @@ ); $this->Conn->doInsert($fields_hash, TABLE_PREFIX.'SystemSettings'); } + + $random_string = $this->Application->ConfigValue('RandomString'); + + if ( !$random_string ) { + $user_helper = $this->Application->recallObject('UserHelper'); + /* @var $user_helper UserHelper */ + + $random_string = $user_helper->generateRandomString(64, true, true); + $this->Application->SetConfigValue('RandomString', $random_string); + } + break; } Index: install/english.lang =================================================================== --- install/english.lang (revision 15648) +++ install/english.lang (working copy) @@ -193,6 +193,7 @@ <PHRASE Label="la_config_PathToWebsite" Module="Core" Type="1">UGF0aCB0byBXZWJzaXRl</PHRASE> <PHRASE Label="la_config_PerformExactSearch" Module="Core" Type="1" Hint="U2VhcmNoIGZvciBhbGwgZW50ZXJlZCBrZXl3b3JkcywgaW5zdGVhZCBvZiBhbnkgb25lIG9mIHRoZW0=">UGVyZm9ybSBFeGFjdCBTZWFyY2g=</PHRASE> <PHRASE Label="la_config_PerpageReviews" Module="Core" Type="1">Q29tbWVudHMgcGVyIHBhZ2U=</PHRASE> + <PHRASE Label="la_config_RandomString" Module="Core" Type="1">UmFuZG9tIFN0cmluZw==</PHRASE> <PHRASE Label="la_config_RecycleBinFolder" Module="Core" Type="1">IlJlY3ljbGUgQmluIiBTZWN0aW9uSWQ=</PHRASE> <PHRASE Label="la_config_RegistrationUsernameRequired" Module="Core" Type="1">VXNlcm5hbWUgUmVxdWlyZWQgRHVyaW5nIFJlZ2lzdHJhdGlvbg==</PHRASE> <PHRASE Label="la_config_RememberLastAdminTemplate" Module="Core" Type="1">UmVzdG9yZSBsYXN0IHZpc2l0ZWQgQWRtaW4gU2VjdGlvbiBhZnRlciBMb2dpbg==</PHRASE> Index: install/install_data.sql =================================================================== --- install/install_data.sql (revision 15648) +++ install/install_data.sql (working copy) @@ -97,6 +97,7 @@ INSERT INTO SystemSettings VALUES(DEFAULT, 'Backup_Path', '/home/alex/web/in-portal.rc/system/backupdata', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_backup_path', 'text', '', '', 60.06, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemTagCache', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_syscache_enable', 'checkbox', NULL, NULL, 60.07, 0, 0, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SocketBlockingMode', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_socket_blocking_mode', 'checkbox', NULL, NULL, 60.08, 0, 0, NULL); +INSERT INTO SystemSettings VALUES(DEFAULT, 'RandomString', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_RandomString', 'text', '', '', 60.09, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'EnableEmailLog', '1', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EnableEmailLog', 'radio', NULL, '1=la_Yes||0=la_No', 65.01, 0, 1, 'hint:la_config_EnableEmailLog'); INSERT INTO SystemSettings VALUES(DEFAULT, 'EmailLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EmailLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_EmailLogKeepForever', 65.02, 0, 0, 'hint:la_config_EmailLogRotationInterval'); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_SystemLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_SystemLogKeepForever', 65.03, 0, 1, 'hint:la_config_SystemLogRotationInterval'); Index: install/upgrades.sql =================================================================== --- install/upgrades.sql (revision 15648) +++ install/upgrades.sql (working copy) @@ -2883,3 +2883,5 @@ UPDATE SystemSettings SET DisplayOrder = ROUND(DisplayOrder - 0.01, 2) WHERE (DisplayOrder BETWEEN 60.04 AND 60.10) AND (ModuleOwner = 'In-Portal') AND (Section = 'in-portal:configure_advanced'); + +INSERT INTO SystemSettings VALUES(DEFAULT, 'RandomString', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_RandomString', 'text', '', '', 60.09, 0, 1, NULL); Index: units/helpers/user_helper.php =================================================================== --- units/helpers/user_helper.php (revision 15648) +++ units/helpers/user_helper.php (working copy) @@ -631,4 +631,74 @@ return $object->Update() ? '' : 'restore_impossible'; } + + /** + * Generates a random number + * + * @param int $min Lower limit for the generated number (optional, default is 0) + * @param int $max Upper limit for the generated number (optional, default is 4294967295) + * @return int A random number between min and max + * @access public + */ + public function generateRandomNumber($min = 0, $max = 0) + { + global $rnd_value; + + // Reset $rnd_value after 14 uses + // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value + if ( strlen($rnd_value) < 8 ) { + $random_seed = $this->Application->getDBCache('random_seed'); + $rnd_value = md5(uniqid(microtime() . mt_rand(), true) . $random_seed); + $rnd_value .= sha1($rnd_value); + $rnd_value .= sha1($rnd_value . $random_seed); + $random_seed = md5($random_seed . $rnd_value); + $this->Application->setDBCache('random_seed', $random_seed); + } + + // Take the first 8 digits for our value + $value = substr($rnd_value, 0, 8); + + // Strip the first eight, leaving the remainder for the next call to wp_rand(). + $rnd_value = substr($rnd_value, 8); + + $value = abs(hexdec($value)); + + // Reduce the value to be within the min - max range + // 4294967295 = 0xffffffff = max random number + if ( $max != 0 ) { + $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1))); + } + + return abs(intval($value)); + } + + /** + * Generates rendom string + * + * @param int $length + * @param bool $special_chars + * @param bool $extra_special_chars + * @return string + * @access public + */ + public function generateRandomString($length = 12, $special_chars = true, $extra_special_chars = false) + { + $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + + if ( $special_chars ) { + $chars .= '!@#$%^&*()'; + } + + if ( $extra_special_chars ) { + $chars .= '-_ []{}<>~`+=,.;:/?|'; + } + + $password = ''; + + for ($i = 0; $i < $length; $i++) { + $password .= substr($chars, $this->generateRandomNumber(0, strlen($chars) - 1), 1); + } + + return $password; + } }

Index: core/install/upgrades.sql IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/install/upgrades.sql (revision 15640) +++ core/install/upgrades.sql (revision ) @@ -2883,3 +2883,5 @@ UPDATE SystemSettings SET DisplayOrder = ROUND(DisplayOrder - 0.01, 2) WHERE (DisplayOrder BETWEEN 60.04 AND 60.10) AND (ModuleOwner = 'In-Portal') AND (Section = 'in-portal:configure_advanced'); + +INSERT INTO SystemSettings VALUES(DEFAULT, 'RandomString', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_RandomString', 'text', '', '', 60.09, 0, 1, NULL); Index: core/install.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/install.php (revision 15601) +++ core/install.php (revision ) @@ -1052,6 +1052,17 @@ ); $this->Conn->doInsert($fields_hash, TABLE_PREFIX.'SystemSettings'); } + + $random_string = $this->Application->ConfigValue('RandomString'); + + if ( !$random_string ) { + $user_helper = $this->Application->recallObject('UserHelper'); + /* @var $user_helper UserHelper */ + + $random_string = $user_helper->generateRandomString(64, true, true); + $this->Application->SetConfigValue('RandomString', $random_string); + } + break; } Index: core/install/install_data.sql IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/install/install_data.sql (revision 15640) +++ core/install/install_data.sql (revision ) @@ -97,6 +97,7 @@ INSERT INTO SystemSettings VALUES(DEFAULT, 'Backup_Path', '/home/alex/web/in-portal.rc/system/backupdata', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_backup_path', 'text', '', '', 60.06, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemTagCache', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_syscache_enable', 'checkbox', NULL, NULL, 60.07, 0, 0, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'SocketBlockingMode', '0', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_prompt_socket_blocking_mode', 'checkbox', NULL, NULL, 60.08, 0, 0, NULL); +INSERT INTO SystemSettings VALUES(DEFAULT, 'RandomString', '', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsSystem', 'la_config_RandomString', 'text', '', '', 60.09, 0, 1, NULL); INSERT INTO SystemSettings VALUES(DEFAULT, 'EnableEmailLog', '1', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EnableEmailLog', 'radio', NULL, '1=la_Yes||0=la_No', 65.01, 0, 1, 'hint:la_config_EnableEmailLog'); INSERT INTO SystemSettings VALUES(DEFAULT, 'EmailLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_EmailLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_EmailLogKeepForever', 65.02, 0, 0, 'hint:la_config_EmailLogRotationInterval'); INSERT INTO SystemSettings VALUES(DEFAULT, 'SystemLogRotationInterval', '2419200', 'In-Portal', 'in-portal:configure_advanced', 'la_section_SettingsLogs', 'la_config_SystemLogRotationInterval', 'select', NULL, '86400=la_opt_OneDay||604800=la_opt_OneWeek||1209600=la_opt_TwoWeeks||2419200=la_opt_OneMonth||7257600=la_opt_ThreeMonths||29030400=la_opt_OneYear||-1=la_opt_SystemLogKeepForever', 65.03, 0, 1, 'hint:la_config_SystemLogRotationInterval'); @@ -1028,4 +1029,4 @@ INSERT INTO PromoBlockGroups VALUES (DEFAULT, 'Default Group', UNIX_TIMESTAMP(), '1', '7.00', '0.60', '1', 'fade', ''); INSERT INTO Modules VALUES ('Core', 'core/', 'adm', DEFAULT, 1, 1, '', 0, NULL, NULL); ~~-INSERT INTO Modules VALUES ('In-Portal', 'core/', 'm', DEFAULT, 1, 0, '', 0, NULL, NULL);~~ \ No newline at end of file +INSERT INTO Modules VALUES ('In-Portal', 'core/', 'm', DEFAULT, 1, 0, '', 0, NULL, NULL); Index: core/install/english.lang IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/install/english.lang (revision 15640) +++ core/install/english.lang (revision ) @@ -193,6 +193,7 @@ <PHRASE Label="la_config_PathToWebsite" Module="Core" Type="1">UGF0aCB0byBXZWJzaXRl</PHRASE> <PHRASE Label="la_config_PerformExactSearch" Module="Core" Type="1" Hint="U2VhcmNoIGZvciBhbGwgZW50ZXJlZCBrZXl3b3JkcywgaW5zdGVhZCBvZiBhbnkgb25lIG9mIHRoZW0=">UGVyZm9ybSBFeGFjdCBTZWFyY2g=</PHRASE> <PHRASE Label="la_config_PerpageReviews" Module="Core" Type="1">Q29tbWVudHMgcGVyIHBhZ2U=</PHRASE> + <PHRASE Label="la_config_RandomString" Module="Core" Type="1">UmFuZG9tIFN0cmluZw==</PHRASE> <PHRASE Label="la_config_RecycleBinFolder" Module="Core" Type="1">IlJlY3ljbGUgQmluIiBTZWN0aW9uSWQ=</PHRASE> <PHRASE Label="la_config_RegistrationUsernameRequired" Module="Core" Type="1">VXNlcm5hbWUgUmVxdWlyZWQgRHVyaW5nIFJlZ2lzdHJhdGlvbg==</PHRASE> <PHRASE Label="la_config_RememberLastAdminTemplate" Module="Core" Type="1">UmVzdG9yZSBsYXN0IHZpc2l0ZWQgQWRtaW4gU2VjdGlvbiBhZnRlciBMb2dpbg==</PHRASE> @@ -2210,4 +2211,4 @@ <COUNTRY Iso="ZWE" Translation="WmltYmFid2U="/> </COUNTRIES> </LANGUAGE> ~~-</LANGUAGES>~~ \ No newline at end of file +</LANGUAGES> Index: core/units/helpers/user_helper.php IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- core/units/helpers/user_helper.php (revision 15601) +++ core/units/helpers/user_helper.php (revision ) @@ -631,4 +631,74 @@ return $object->Update() ? '' : 'restore_impossible'; } + + /** + * Generates random string + * + * @param int $length + * @param bool $special_chars + * @param bool $extra_special_chars + * @return string + * @access public + */ + public function generateRandomString($length = 12, $special_chars = true, $extra_special_chars = false) + { + $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + + if ( $special_chars ) { + $chars .= '!@#$%^&*()'; + } + + if ( $extra_special_chars ) { + $chars .= '-_ []{}<>~`+=,.;:/?|'; + } + + $password = ''; + + for ($i = 0; $i < $length; $i++) { + $password .= substr($chars, $this->_generateRandomNumber(0, strlen($chars) - 1), 1); + } + + return $password; + } + + /** + * Generates a random number + * + * @param int $min Lower limit for the generated number (optional, default is 0) + * @param int $max Upper limit for the generated number (optional, default is 4294967295) + * @return int A random number between min and max + * @access protected + */ + protected function _generateRandomNumber($min = 0, $max = 0) + { + static $rnd_value = ''; + + // Reset $rnd_value after 14 uses + // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value + if ( strlen($rnd_value) < 8 ) { + $random_seed = $this->Application->getDBCache('random_seed'); + $rnd_value = md5(uniqid(microtime() . mt_rand(), true) . $random_seed); + $rnd_value .= sha1($rnd_value); + $rnd_value .= sha1($rnd_value . $random_seed); + $random_seed = md5($random_seed . $rnd_value); + $this->Application->setDBCache('random_seed', $random_seed); + } + + // Take the first 8 digits for our value + $value = substr($rnd_value, 0, 8); + + // Strip the first eight, leaving the remainder for the next call to wp_rand(). + $rnd_value = substr($rnd_value, 8); + + $value = abs(hexdec($value)); + + // Reduce the value to be within the min - max range + // 4294967295 = 0xffffffff = max random number + if ( $max != 0 ) { + $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1))); + } + + return abs(intval($value)); + } ~~- }~~ + } \ No newline at end of file

Notes
(0005314) alex (manager) 2012-12-05 03:18	Plan: 1. add new system setting called "RandomString" ("Random String") and place it under "Use non-blocking socket mode" setting in "Configuration -> Website -> Advanced" section 2. during clean install + during upgrade to 5.3.0-B1 version use code from WordPress to generate similar random string 3. verify that for each clean install / upgrade made different string is generated each time

(0005320) erik (manager) 2012-12-06 05:28	Patch attached. Needs testing

(0005321) alex (manager) 2012-12-06 06:22 edited on: 2012-12-06 06:24	1. must use $this->Application->SetConfigValue method instead of doing direct SQLs to SystemSettings table ($this->Application is available during upgrade and during clean install it's available after root password is entered) 2. why current random string value (which is 100% empty during install/upgrade) is being used to generate new random string value?

(0005323) erik (manager) 2012-12-06 11:31	1. Impossible - No application object at used execution point. 2. In the task was told - "use code from WordPress to generate similar random string". In wordpress old value is used on new value generation.

(0005324) alex (manager) 2012-12-06 12:00	1 - then move random string generation to one of next steps, where application is available Also don't forget, that cookies used during installation also needs to be hashed (see related task about hashing) using generated string

(0005326) erik (manager) 2012-12-07 07:11	New patch version attached. Needs testing.

(0005330) alex (manager) 2012-12-11 02:54	1. missing upgrade script, that inserts RandomString system setting 2. root password hash is used as initial seed, which introduces always the same (if password is the same) component in string generation 3. generated string doesn't look like these random strings (take from wp-config.php file): define('AUTH_KEY', 'B9Gb>TN!3{onYA(4&PW>K8>@@KD\|G8V1/\|J-\|}m;=_5O2\|\|Vp/tg_6_[Nv]f5E-S'); define('SECURE_AUTH_KEY', '&jFdwDy_Nz^7/0=}ZSZF-iNQ5w^rpCswV}S&8/O+@Z%Jzk{q[OtW8Q<f2.}wx`\|$'); define('LOGGED_IN_KEY', '@+J_;[5$u[A4nR%z\|y6?d-!$U0G%jB8xOQ6+^OdPf4rnby/7mTbF{+!z$2=\|'); define('NONCE_KEY', '+#y\|nb[<<9\|/[Y3r31S!rKIYtl8vQ:8;>4z8k+a\|1Gx_=t{sdkjEfyRO&6+JnF__'); 3a. Probably wp_generate_password function should be used. 4. Random string(+seed) generation (+password generation) code looks promising, let's move both functions to UserHelper. Please also preserve behavior when generated random seed (set_transient) is stored somewhere (e.g. cache table) and is reset after N uses.

(0005334) erik (manager) 2012-12-11 05:55	1. Fixed 2. Fixed 3. Fixed 4. Fixed New patch version attached. Needs testing

(0005336) alex (manager) 2012-12-12 03:39	Looks about right. I've only did following in V4 version: 1. changed global $rnd_value variable into static variable 2. method generateRandomNumber made protected

(0005337) alex (manager) 2012-12-12 03:40	Fix committed to 5.3.x branch. Commit Message: Fixes 0001435: Generate random string at install 1. Commit on behalf of Erik

Related Changesets
In-Portal CMS: 5.3.x r15649 Timestamp: 2012-12-12 03:40:30 Author: alex [ Details ] [ Diff ]	Fixes 0001435: Generate random string at install 1. Commit on behalf of Erik
	mod - /in-portal/branches/5.3.x/core/install/english.lang	[ Diff ] [ File ]
	mod - /in-portal/branches/5.3.x/core/install/install_data.sql	[ Diff ] [ File ]
	mod - /in-portal/branches/5.3.x/core/install/upgrades.sql	[ Diff ] [ File ]
	mod - /in-portal/branches/5.3.x/core/install.php	[ Diff ] [ File ]
	mod - /in-portal/branches/5.3.x/core/units/helpers/user_helper.php	[ Diff ] [ File ]

Issue History
Date Modified	Username	Field	Change
2012-12-12 03:40	alex	Note Added: 0005337
2012-12-12 03:40	alex	Status	reviewed and tested => resolved
2012-12-12 03:40	alex	Fixed in Version	=> 5.3.0-B1
2012-12-12 03:40	alex	Resolution	open => fixed
2012-12-12 03:40	alex	Changeset attached	5.3.x r15649
2012-12-12 03:39	alex	Note Added: 0005336
2012-12-12 03:39	alex	Status	needs testing => reviewed and tested
2012-12-12 03:38	alex	File Added: random_string_configuration_1435_v4.patch
2012-12-11 05:55	erik	Note Added: 0005334
2012-12-11 05:55	erik	Assigned To	erik => alex
2012-12-11 05:55	erik	Status	needs work => needs testing
2012-12-11 05:53	erik	File Added: random_string_configuration_1435_v3.patch
2012-12-11 02:58	alex	Assigned To	alex => erik
2012-12-11 02:54	alex	Note Added: 0005330
2012-12-11 02:54	alex	Status	needs testing => needs work
2012-12-07 07:11	erik	Note Added: 0005326
2012-12-07 07:11	erik	Assigned To	erik => alex
2012-12-07 07:11	erik	Status	needs work => needs testing
2012-12-07 07:10	erik	File Added: random_string_configuration_1435_v2.patch
2012-12-06 12:00	alex	Note Added: 0005324
2012-12-06 12:00	alex	Assigned To	alex => erik
2012-12-06 11:31	erik	Note Added: 0005323
2012-12-06 11:30	erik	Assigned To	erik => alex
2012-12-06 06:24	alex	Note Edited: 0005321	View Revisions
2012-12-06 06:22	alex	Note Added: 0005321
2012-12-06 06:22	alex	Assigned To	alex => erik
2012-12-06 06:22	alex	Status	needs testing => needs work
2012-12-06 05:28	erik	Note Added: 0005320
2012-12-06 05:28	erik	Assigned To	=> alex
2012-12-06 05:28	erik	Developer	=> erik
2012-12-06 05:28	erik	Status	active => needs testing
2012-12-06 05:28	erik	File Added: random_string_configuration_1435.patch
2012-12-05 03:18	alex	Note Added: 0005314
2012-11-05 11:24	alex	Relationship added	related to 0001436
2012-11-05 11:22	alex	New Issue
2012-11-05 11:22	alex	Reference	=> https://groups.google.com/d/topic/in-portal-dev/qenm_MavpZc/discussion
2012-11-05 11:22	alex	Change Log Message	=> Adds random string for each In-Portal installation
2012-11-05 11:22	alex	Estimate Points	=> 1

In-Portal Issue Tracker