From 3f590b2d6f985f3133addd2bdfeaf124d4b8c188 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Sun, 21 Jul 2013 02:36:43 +0000
Subject: [PATCH] Change random code generator

Use mysql connection timing as the random seed, along with the microseconds
of the current time.
---
 include/class.misc.php | 42 ++++++++++++++++++++++++++++--------------
 include/mysql.php      |  4 ++++
 include/mysqli.php     |  4 ++++
 3 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/include/class.misc.php b/include/class.misc.php
index b6d9a673f..e913a8de0 100644
--- a/include/class.misc.php
+++ b/include/class.misc.php
@@ -14,26 +14,40 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 class Misc {
-    
-	function randCode($len=8) {
-		return substr(strtoupper(base_convert(microtime(),10,16)),0,$len);
+
+	function randCode($count=8, $chars=false) {
+        $chars = $chars ? $chars
+            : 'abcdefghijklmnopqrstuvwzyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+        $data = '';
+        $m = strlen($chars) - 1;
+        for ($i=0; $i < $count; $i++)
+            $data .= $chars[mt_rand(0,$m)];
+        return $data;
 	}
-    
+
+    function __rand_seed($value=0) {
+        // Form a 32-bit figure for the random seed with the lower 16-bits
+        // the microseconds of the current time, and the upper 16-bits from
+        // received value
+        $seed = ((int) $value % 65535) << 16;
+        $seed += (int) ((double) microtime() * 1000000) % 65535;
+        mt_srand($seed);
+    }
+
     /* Helper used to generate ticket IDs */
     function randNumber($len=6,$start=false,$end=false) {
 
-        mt_srand ((double) microtime() * 1000000);
         $start=(!$len && $start)?$start:str_pad(1,$len,"0",STR_PAD_RIGHT);
         $end=(!$len && $end)?$end:str_pad(9,$len,"9",STR_PAD_RIGHT);
-        
+
         return mt_rand($start,$end);
     }
 
-    /* misc date helpers...this will go away once we move to php 5 */ 
+    /* misc date helpers...this will go away once we move to php 5 */
     function db2gmtime($var){
         global $cfg;
         if(!$var) return;
-        
+
         $dbtime=is_int($var)?$var:strtotime($var);
         return $dbtime-($cfg->getDBTZoffset()*3600);
     }
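Review bot: The default alphabet in randCode, on the line after `$chars = $chars ? $chars`, reads `abcdefghijklmnopqrstuvwzyz`: the letter `x` is missing and `z` appears twice, so generated codes never contain a lowercase x and select z at double weight; the literal should be `'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'`. Separately, __rand_seed feeds mt_srand a value assembled from connection latency and the sub-second clock, which is nominally 32 bits and in practice far less because connect times cluster in a narrow microsecond range; mt_rand is not a cryptographic generator, so any randCode or randNumber output that serves as a secret (whether any caller does is not visible in this hunk) should come from a CSPRNG such as openssl_random_pseudo_bytes() rather than from this seed. The same seeding call is added in include/mysql.php and include/mysqli.php. A one-line comment above __rand_seed would make the intent clear to later maintainers: `// Seeding only varies the mt_rand sequence per request; it does not make the output suitable for security tokens`.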
@@ -41,7 +55,7 @@ class Misc {
     //Take user time or gmtime and return db (mysql) time.
     function dbtime($var=null){
          global $cfg;
-             
+
         if(is_null($var) || !$var)
             $time=Misc::gmtime(); //gm time.
         else{ //user time to GM.
@@ -52,7 +66,7 @@ class Misc {
         //gm to db time
         return $time+($cfg->getDBTZoffset()*3600);
     }
-    
+
     /*Helper get GM time based on timezone offset*/
     function gmtime() {
         return time()-date('Z');
@@ -67,7 +81,7 @@ class Misc {
 
     //Current page
     function currentURL() {
-        
+
         $str = 'http';
         if ($_SERVER['HTTPS'] == 'on') {
             $str .='s';
@@ -78,7 +92,7 @@ class Misc {
             if (isset($_SERVER['QUERY_STRING'])) {
                 $_SERVER['REQUEST_URI'].='?'.$_SERVER['QUERY_STRING'];
             }
-        } 
+        }
         if ($_SERVER['SERVER_PORT']!=80) {
             $str .= $_SERVER['SERVER_NAME'].':'.$_SERVER['SERVER_PORT'].$_SERVER['REQUEST_URI'];
         } else {
@@ -92,7 +106,7 @@ class Misc {
         $hr =is_null($hr)?0:$hr;
         $min =is_null($min)?0:$min;
 
-        //normalize;    
+        //normalize;
         if($hr>=24)
             $hr=$hr%24;
         elseif($hr<0)
@@ -106,7 +120,7 @@ class Misc {
             $min=15;
         else
             $min=0;
-       
+
         ob_start();
         echo sprintf('<select name="%s" id="%s">',$name,$name);
         echo '<option value="" selected>Time</option>';
diff --git a/include/mysql.php b/include/mysql.php
index 2a479072c..4e3bd7eb8 100644
--- a/include/mysql.php
+++ b/include/mysql.php
@@ -23,6 +23,7 @@
       	    return NULL;
 
         //Connect
+        $start = (double) microtime() * 1000000;
         if(!($dblink =@mysql_connect($host, $user, $passwd)))
             return NULL;
 
@@ -36,6 +37,9 @@
 
         @db_set_variable('sql_mode', '');
 
+        // Use connection timing to seed the random number generator
+        Misc::__rand_seed(((double) microtime() * 1000000) - $start);
+
         return $dblink;
     }
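Review bot: The delta passed to Misc::__rand_seed on the added line can go negative: `$start` in the preceding hunk is `(double) microtime() * 1000000`, and casting the two-part string returned by microtime() to double keeps only the fractional-second part, so whenever the connect crosses a second boundary the end value is smaller than `$start`. mysqli.php already measures this with `microtime(true)`; mirroring it gives `$start = microtime(true);` before the connect and `Misc::__rand_seed((microtime(true) - $start) * 1000000);` here. __rand_seed casts the value to int and tolerates a negative one, so this is a consistency and seed-quality issue rather than a crash; the enclosing db_connect function begins outside both hunks.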
 
diff --git a/include/mysqli.php b/include/mysqli.php
index ced95434a..ec369c652 100644
--- a/include/mysqli.php
+++ b/include/mysqli.php
@@ -39,6 +39,7 @@ function db_connect($host, $user, $passwd, $options = array()) {
         return NULL;
 
     //Connectr
+    $start = microtime(true);
     if(!@$__db->real_connect($host, $user, $passwd))
         return NULL;
 
@@ -52,6 +53,9 @@ function db_connect($host, $user, $passwd, $options = array()) {
 
     @db_set_variable('sql_mode', '');
 
+    // Use connection timing to seed the random number generator
+    Misc::__rand_seed((microtime(true) - $start) * 1000000);
+
     return $__db;
 }
 
-- 
GitLab