aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/Utils.php
diff options
context:
space:
mode:
Diffstat (limited to 'application/Utils.php')
-rw-r--r--application/Utils.php39
1 files changed, 39 insertions, 0 deletions
diff --git a/application/Utils.php b/application/Utils.php
index 0a5b476e..35d65224 100644
--- a/application/Utils.php
+++ b/application/Utils.php
@@ -231,3 +231,42 @@ function autoLocale($headerLocale)
231 } 231 }
232 setlocale(LC_ALL, $attempts); 232 setlocale(LC_ALL, $attempts);
233} 233}
234
235/**
236 * Generates a default API secret.
237 *
238 * Note that the random-ish methods used in this function are predictable,
239 * which makes them NOT suitable for crypto.
240 * BUT the random string is salted with the salt and hashed with the username.
241 * It makes the generated API secret secured enough for Shaarli.
242 *
243 * PHP 7 provides random_int(), designed for cryptography.
244 * More info: http://stackoverflow.com/questions/4356289/php-random-string-generator
245
246 * @param string $username Shaarli login username
247 * @param string $salt Shaarli password hash salt
248 *
249 * @return string|bool Generated API secret, 12 char length.
250 * Or false if invalid parameters are provided (which will make the API unusable).
251 */
252function generate_api_secret($username, $salt)
253{
254 if (empty($username) || empty($salt)) {
255 return false;
256 }
257
258 return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12));
259}
260
261/**
262 * Trim string, replace sequences of whitespaces by a single space.
263 * PHP equivalent to `normalize-space` XSLT function.
264 *
265 * @param string $string Input string.
266 *
267 * @return mixed Normalized string.
268 */
269function normalize_spaces($string)
270{
271 return preg_replace('/\s{2,}/', ' ', trim($string));
272}