Diffstat (limited to 'application/Utils.php')
-rw-r--r-- | application/Utils.php | 39 |
1 files changed, 39 insertions, 0 deletions
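--- a/application/Utils.php
+++ b/application/Utils.php
@@ -231,3 +231,42 @@ function autoLocale($headerLocale)
 }
 setlocale(LC_ALL, $attempts);
 }
+
+/**
+* Generates a default API secret.
+*
+* Note that the random-ish methods used in this function are predictable,
+* which makes them NOT suitable for crypto.
+* BUT the random string is salted with the salt and hashed with the username.
+* It makes the generated API secret secured enough for Shaarli.
+*
+* PHP 7 provides random_int(), designed for cryptography.
+* More info: http://stackoverflow.com/questions/4356289/php-random-string-generator
+
+* @param string $username Shaarli login username
+* @param string $salt Shaarli password hash salt
+*
+* @return string|bool Generated API secret, 12 char length.
+* Or false if invalid parameters are provided (which will make the API unusable).
+*/
+function generate_api_secret($username, $salt)
+{
+if (empty($username) || empty($salt)) {
+return false;
+}
+
+return str_shuffle(substr(hash_hmac('sha512', uniqid($salt), $username), 10, 12));
+}
+
+/**
+* Trim string, replace sequences of whitespaces by a single space.
+* PHP equivalent to `normalize-space` XSLT function.
+*
+* @param string $string Input string.
+*
+* @return mixed Normalized string.
+*/
+function normalize_spaces($string)
+{
+return preg_replace('/\s{2,}/', ' ', trim($string));
+}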
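Review bot: The only varying inputs to the secret returned by `generate_api_secret()` are `uniqid()`, which is derived from the current time, and `str_shuffle()`, which is not a cryptographic shuffle; `hash_hmac()` mixes the username and salt in but adds no entropy. The docblock's "secured enough" claim therefore holds only while the password salt stays confidential, and slicing 12 hex characters caps the secret at 48 bits in any case. I would draw the value from the system CSPRNG and keep the 12-character shape, for example `$bytes = function_exists('random_bytes') ? random_bytes(6) : openssl_random_pseudo_bytes(6);` followed by `return bin2hex($bytes);`, and consider a longer secret if the API's consumers allow it. Separately, `empty($username)` also rejects the literal username `"0"`, so `$username === ''` style checks would be safer if such logins are permitted.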