/[dtapublic]/to_be_filed/webprojs/php_libraries/php_library/fboprime/sitehashkeygen.php
ViewVC logotype

Annotation of /to_be_filed/webprojs/php_libraries/php_library/fboprime/sitehashkeygen.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 35 - (hide annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (8 years, 1 month ago) by dashley
File size: 9493 byte(s)
Initial commit.
1 dashley 35 #!/usr/bin/php -q
2     <?php
3     //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $
4     //--------------------------------------------------------------------------------
5     //sitehashkeygen.php--Generates FboPrime Cryptographic Hash Key
6     //Copyright (C) 2006 David T. Ashley
7     //
8     //This program is free software; you can redistribute it and/or
9     //modify it under the terms of the GNU General Public License
10     //as published by the Free Software Foundation; either version 2
11     //of the License, or (at your option) any later version.
12     //
13     //This program is distributed in the hope that it will be useful,
14     //but WITHOUT ANY WARRANTY; without even the implied warranty of
15     //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16     //GNU General Public License for more details.
17     //
18     //You should have received a copy of the GNU General Public License
19     //along with this program; if not, write to the Free Software
20     //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21     //--------------------------------------------------------------------------------
22     //Configuration constant--the number of characters in the key.
23     define("SITEHASHKEYGEN_KEYNUMCHARS", 200);
24     //
25     //Configuration constant--the number of characters presented on each
26     //line of the key.
27     define("SITEHASHKEYGEN_KEYNUMCHARSPERLINE", 50);
28     //
29     //Configuration constant--the file name in which to write the
30     //key.
31     define("SITEHASHKEYGEN_OUTPUTFILENAME", "sitehashkey.inc");
32     //
33     //--------------------------------------------------------------------------------
34     //Returns a version control string. Used for randomness.
35     //
36     function vc_info()
37     {
38     return("\$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $");
39     }
40     //--------------------------------------------------------------------------------
41     function write_preamble($handle)
42     {
43     fwrite($handle, "<?php\n");
44     fwrite($handle, "//This PHP include file contains the FboPrime site hash key. This key is\n");
45     fwrite($handle, "//normally automatically generated at the time the software is set up.\n");
46     fwrite($handle, "//This key can be edited by hand safely--it is just an ordinary string of\n");
47     fwrite($handle, "//arbitrary length. However, if it is manually edited, it should be\n");
48     fwrite($handle, "//edited only at the time the system is set up. Modifying this key on a\n");
49     fwrite($handle, "//working system will invalidate every user password and may have other ill\n");
50     fwrite($handle, "//effects as well.\n");
51     fwrite($handle, "//\n");
52     fwrite($handle, "//Permissions on this file should be set so that FboPrime users cannot view\n");
53     fwrite($handle, "//its contents (it should be private to the Apache server). If FboPrime\n");
54     fwrite($handle, "//users can view this key, it may enable some security attacks on the\n");
55     fwrite($handle, "//FboPrime software (as users may be able to forge some data).\n");
56     fwrite($handle, "//\n");
57     fwrite($handle, "//Generating program: \$RCSfile: sitehashkeygen.php,v $\n");
58     fwrite($handle, "//Generating program CVS revision: \$Revision: 1.7 $\n");
59     fwrite($handle, "//Generating program CVS revision date: \$Date: 2006/02/05 19:13:37 $\n");
60     $datestring = date("d-M-Y H:i:s (\U\T\C O)");
61     fwrite($handle, "//Time of key generation: " . $datestring . "\n");
62     fwrite($handle, "//------------------------------------------------------------------------------------------\n");
63     fwrite($handle, "define(\"SITEHASHKEY_SITEHASHKEY\", \"");
64     }
65     //--------------------------------------------------------------------------------
66     function write_key($handle)
67     {
68     //It is a little tricky to get get a lot of randomness. An MD5 is 128 bits (32 hex digits).
69     //32 digits of MD5 plus 48 other random characters ought to do it.
70     //
71     //The set of characters allowed for the non-MD5 part of the hash key.
72     //
73     $allowed_chars = "0123456789"
74     . "abcdefghijklmnopqrstuvwxyz"
75     . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
76     . "_=+-*/()[]<>;:.,?";
77     $n_allowed_chars = strlen($allowed_chars);
78    
79     //-------------------------------------------------------------------------------------
80     //Phase I: Generate an MD5 based on a fair amount of randomness. The intent is to
81     //create randomness by tying the microtimes generated to the execution of this program
82     //on the system, which might depend on CPU speed, system load, and a number of other
83     //factors.
84     //-------------------------------------------------------------------------------------
85     $value = vc_info();
86    
87     for ($i=0; $i<500; $i++)
88     {
89     $value .= microtime() . rand();
90    
91     $r = rand(1000, 5000);
92    
93     for ($j=0; $j<$r; $j++)
94     {
95     //The goal here is to burn a variable amount of time. In addition to depending
96     //on r, this depends on the characteristics of the server and server load.
97     //The variable amount of time should make the results of microtime() unpredictable.
98     //
99     $trash = sqrt($j);
100     }
101     }
102    
103     $key_out = md5($value);
104    
105     //-------------------------------------------------------------------------------------
106     //Phase II: Mix the previously-generated randomness with more stuff we can get from
107     //the system.
108     //-------------------------------------------------------------------------------------
109     $value = $key_out . date("dDjlNSwzWFmmntLoYyaABgGhHiseIOTZcrU") . $key_out;
110     $key_out .= md5($value);
111    
112     //-------------------------------------------------------------------------------------
113     //Phase III: Use the PHP random number generator to generate more pseudo-random stuff.
114     //-------------------------------------------------------------------------------------
115     while (strlen($key_out) < SITEHASHKEYGEN_KEYNUMCHARS)
116     {
117     $idx = rand(0, $n_allowed_chars - 1);
118     $key_out .= Substr($allowed_chars, $idx, 1);
119     }
120    
121     //The key is fully formed. Now, output it.
122     for ($z=0; $z<strlen($key_out); $z++)
123     {
124     $c = substr($key_out, $z, 1);
125     fwrite($handle, $c);
126     if ((($z % SITEHASHKEYGEN_KEYNUMCHARSPERLINE) == (SITEHASHKEYGEN_KEYNUMCHARSPERLINE - 1)) && ($z != (strlen($key_out) - 1)))
127     {
128     fwrite($handle, "\" .\n \"");
129     }
130     }
131     }
132     //--------------------------------------------------------------------------------
133     function write_postamble($handle)
134     {
135     fwrite($handle, "\" );\n");
136     fwrite($handle, "?>\n");
137     }
138     //--------------------------------------------------------------------------------
139     //--------------------------------------------------------------------------------
140     //------ M A I N S C R I P T ------------------------------------------------
141     //--------------------------------------------------------------------------------
142     //--------------------------------------------------------------------------------
143     //Process the input parameters. There must be either zero or one of those
144     //on the command-line, otherwise there is an error. If there is one,
145     //it is the path in which the site hash key file should be written.
146     if ($argc == 1)
147     {
148     //The no parameters case--we just use the working directory.
149     $outputfilename = (string) SITEHASHKEYGEN_OUTPUTFILENAME;
150     }
151     else if ($argc == 2)
152     {
153     //The path was passed to the script.
154     $outputfilepath = (string) $argv[1];
155    
156     //If the path doesn't end with a slash, add the slash.
157     if (substr($outputfilepath, strlen($outputfilepath) - 1, 1) != "/")
158     $outputfilepath .= "/";
159    
160     //Add in the filename.
161     $outputfilename = $outputfilepath . SITEHASHKEYGEN_OUTPUTFILENAME;
162     }
163     else
164     {
165     //Wrong number of parameters.
166     echo "Wrong number of parameters to script.\n";
167     exit(1);
168     }
169    
170    
171     //Try to open the file for writing.
172     $handle = fopen($outputfilename, "w");
173     if ($handle===FALSE)
174     {
175     echo "File open failure.\n";
176     exit(1);
177     }
178     //
179     //Write the preamble. This is everything up to the key itself.
180     write_preamble($handle);
181     //
182     //Generate and write the key.
183     write_key($handle);
184     //
185     //Write the postamble. This is everything after the key.
186     write_postamble($handle);
187     //
188     //Close the file.
189     if (fclose($handle)===FALSE)
190     {
191     echo "File close failure.\n";
192     exit(1);
193     }
194     //
195     //If we're here, success. Per the standard Unix way of thinking
196     //say nothing. Silence means OK.
197     exit(0);
198     //
199     //--------------------------------------------------------------------------------
200     //$Log: sitehashkeygen.php,v $
201     //Revision 1.7 2006/02/05 19:13:37 dashley
202     //Documentation tweaks.
203     //
204     //Revision 1.6 2006/02/05 19:07:18 dashley
205     //Path to include file added as command-line parameter to script. Script
206     //now also checks for wrong number of command-line parameters.
207     //
208     //Revision 1.5 2006/02/05 18:34:12 dashley
209     //Enhancements to randomness.
210     //
211     //Revision 1.4 2006/02/05 18:12:17 dashley
212     //Checkin to exercise keyword expansion.
213     //
214     //Revision 1.3 2006/02/05 08:50:40 dashley
215     //Edits.
216     //
217     //Revision 1.2 2006/02/05 08:11:24 dashley
218     //Edits.
219     //
220     //Revision 1.1 2006/02/05 06:52:59 dashley
221     //Initial checkin.
222     //--------------------------------------------------------------------------------
223     ?>

dashley@gmail.com
ViewVC Help
Powered by ViewVC 1.1.25