Improved entropy for report file urls.

[fa-stable.git] / includes / main.inc

diff --git a/includes/main.inc b/includes/main.inc
index db1576bf50d748ad38b2b0bdd7b1b160dfcba57d..b61b41a80a8cdd3cc41630374a4844385a4c7559 100644 (file)
--- a/includes/main.inc
+++ b/includes/main.inc
@@ -352,4 +352,24 @@ function clean_file_name($filename) {
     return preg_replace('/[^a-zA-Z0-9.\-_]/', '_', $filename);
 }
 
-?>
\ No newline at end of file
+/*
+       This function aims to generate cryptographically strong random identifier.
+       Result identifier has length 4[strength/8/3] 
+*/
+function random_id($strength = 128)
+{
+       $n = ceil($strength/8);
+
+       if (function_exists('openssl_random_pseudo_bytes'))
+               $bin = openssl_random_pseudo_bytes($n, $cstrong);       // openssl on php 5.3 and up
+       else if (file_exists('/dev/urandom'))
+               $bin = file_get_contents('/dev/urandom', false, null, -1, $n);  // linux std random device
+       else {
+               $bin = '';
+               for($i=0; $i < $n; $i++)
+                       $bin .= chr(mt_rand(0, 255));   // Mersene Twister generator
+       }
+       $id = strtr(base64_encode($bin), '+/', '-_');   // see RFC 4648 Section 5
+
+       return $id;
+}