/[dtapublic]/to_be_filed/webprojs/php_libraries/php_library/fboprime/sitehashkeygen.php
ViewVC logotype

Contents of /to_be_filed/webprojs/php_libraries/php_library/fboprime/sitehashkeygen.php

Parent Directory Parent Directory | Revision Log Revision Log


Revision 35 - (show annotations) (download)
Sat Oct 8 23:35:33 2016 UTC (7 years, 11 months ago) by dashley
File size: 9493 byte(s)
Initial commit.
1 #!/usr/bin/php -q
2 <?php
3 //$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $
4 //--------------------------------------------------------------------------------
5 //sitehashkeygen.php--Generates FboPrime Cryptographic Hash Key
6 //Copyright (C) 2006 David T. Ashley
7 //
8 //This program is free software; you can redistribute it and/or
9 //modify it under the terms of the GNU General Public License
10 //as published by the Free Software Foundation; either version 2
11 //of the License, or (at your option) any later version.
12 //
13 //This program is distributed in the hope that it will be useful,
14 //but WITHOUT ANY WARRANTY; without even the implied warranty of
15 //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 //GNU General Public License for more details.
17 //
18 //You should have received a copy of the GNU General Public License
19 //along with this program; if not, write to the Free Software
20 //Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 //--------------------------------------------------------------------------------
22 //Configuration constant--the number of characters in the key.
23 define("SITEHASHKEYGEN_KEYNUMCHARS", 200);
24 //
25 //Configuration constant--the number of characters presented on each
26 //line of the key.
27 define("SITEHASHKEYGEN_KEYNUMCHARSPERLINE", 50);
28 //
29 //Configuration constant--the file name in which to write the
30 //key.
31 define("SITEHASHKEYGEN_OUTPUTFILENAME", "sitehashkey.inc");
32 //
33 //--------------------------------------------------------------------------------
34 //Returns a version control string. Used for randomness.
35 //
36 function vc_info()
37 {
38 return("\$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/standalone/sitehashkeygen.php,v 1.7 2006/02/05 19:13:37 dashley Exp $");
39 }
40 //--------------------------------------------------------------------------------
41 function write_preamble($handle)
42 {
43 fwrite($handle, "<?php\n");
44 fwrite($handle, "//This PHP include file contains the FboPrime site hash key. This key is\n");
45 fwrite($handle, "//normally automatically generated at the time the software is set up.\n");
46 fwrite($handle, "//This key can be edited by hand safely--it is just an ordinary string of\n");
47 fwrite($handle, "//arbitrary length. However, if it is manually edited, it should be\n");
48 fwrite($handle, "//edited only at the time the system is set up. Modifying this key on a\n");
49 fwrite($handle, "//working system will invalidate every user password and may have other ill\n");
50 fwrite($handle, "//effects as well.\n");
51 fwrite($handle, "//\n");
52 fwrite($handle, "//Permissions on this file should be set so that FboPrime users cannot view\n");
53 fwrite($handle, "//its contents (it should be private to the Apache server). If FboPrime\n");
54 fwrite($handle, "//users can view this key, it may enable some security attacks on the\n");
55 fwrite($handle, "//FboPrime software (as users may be able to forge some data).\n");
56 fwrite($handle, "//\n");
57 fwrite($handle, "//Generating program: \$RCSfile: sitehashkeygen.php,v $\n");
58 fwrite($handle, "//Generating program CVS revision: \$Revision: 1.7 $\n");
59 fwrite($handle, "//Generating program CVS revision date: \$Date: 2006/02/05 19:13:37 $\n");
60 $datestring = date("d-M-Y H:i:s (\U\T\C O)");
61 fwrite($handle, "//Time of key generation: " . $datestring . "\n");
62 fwrite($handle, "//------------------------------------------------------------------------------------------\n");
63 fwrite($handle, "define(\"SITEHASHKEY_SITEHASHKEY\", \"");
64 }
65 //--------------------------------------------------------------------------------
66 function write_key($handle)
67 {
68 //It is a little tricky to get get a lot of randomness. An MD5 is 128 bits (32 hex digits).
69 //32 digits of MD5 plus 48 other random characters ought to do it.
70 //
71 //The set of characters allowed for the non-MD5 part of the hash key.
72 //
73 $allowed_chars = "0123456789"
74 . "abcdefghijklmnopqrstuvwxyz"
75 . "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
76 . "_=+-*/()[]<>;:.,?";
77 $n_allowed_chars = strlen($allowed_chars);
78
79 //-------------------------------------------------------------------------------------
80 //Phase I: Generate an MD5 based on a fair amount of randomness. The intent is to
81 //create randomness by tying the microtimes generated to the execution of this program
82 //on the system, which might depend on CPU speed, system load, and a number of other
83 //factors.
84 //-------------------------------------------------------------------------------------
85 $value = vc_info();
86
87 for ($i=0; $i<500; $i++)
88 {
89 $value .= microtime() . rand();
90
91 $r = rand(1000, 5000);
92
93 for ($j=0; $j<$r; $j++)
94 {
95 //The goal here is to burn a variable amount of time. In addition to depending
96 //on r, this depends on the characteristics of the server and server load.
97 //The variable amount of time should make the results of microtime() unpredictable.
98 //
99 $trash = sqrt($j);
100 }
101 }
102
103 $key_out = md5($value);
104
105 //-------------------------------------------------------------------------------------
106 //Phase II: Mix the previously-generated randomness with more stuff we can get from
107 //the system.
108 //-------------------------------------------------------------------------------------
109 $value = $key_out . date("dDjlNSwzWFmmntLoYyaABgGhHiseIOTZcrU") . $key_out;
110 $key_out .= md5($value);
111
112 //-------------------------------------------------------------------------------------
113 //Phase III: Use the PHP random number generator to generate more pseudo-random stuff.
114 //-------------------------------------------------------------------------------------
115 while (strlen($key_out) < SITEHASHKEYGEN_KEYNUMCHARS)
116 {
117 $idx = rand(0, $n_allowed_chars - 1);
118 $key_out .= Substr($allowed_chars, $idx, 1);
119 }
120
121 //The key is fully formed. Now, output it.
122 for ($z=0; $z<strlen($key_out); $z++)
123 {
124 $c = substr($key_out, $z, 1);
125 fwrite($handle, $c);
126 if ((($z % SITEHASHKEYGEN_KEYNUMCHARSPERLINE) == (SITEHASHKEYGEN_KEYNUMCHARSPERLINE - 1)) && ($z != (strlen($key_out) - 1)))
127 {
128 fwrite($handle, "\" .\n \"");
129 }
130 }
131 }
132 //--------------------------------------------------------------------------------
133 function write_postamble($handle)
134 {
135 fwrite($handle, "\" );\n");
136 fwrite($handle, "?>\n");
137 }
138 //--------------------------------------------------------------------------------
139 //--------------------------------------------------------------------------------
140 //------ M A I N S C R I P T ------------------------------------------------
141 //--------------------------------------------------------------------------------
142 //--------------------------------------------------------------------------------
143 //Process the input parameters. There must be either zero or one of those
144 //on the command-line, otherwise there is an error. If there is one,
145 //it is the path in which the site hash key file should be written.
146 if ($argc == 1)
147 {
148 //The no parameters case--we just use the working directory.
149 $outputfilename = (string) SITEHASHKEYGEN_OUTPUTFILENAME;
150 }
151 else if ($argc == 2)
152 {
153 //The path was passed to the script.
154 $outputfilepath = (string) $argv[1];
155
156 //If the path doesn't end with a slash, add the slash.
157 if (substr($outputfilepath, strlen($outputfilepath) - 1, 1) != "/")
158 $outputfilepath .= "/";
159
160 //Add in the filename.
161 $outputfilename = $outputfilepath . SITEHASHKEYGEN_OUTPUTFILENAME;
162 }
163 else
164 {
165 //Wrong number of parameters.
166 echo "Wrong number of parameters to script.\n";
167 exit(1);
168 }
169
170
171 //Try to open the file for writing.
172 $handle = fopen($outputfilename, "w");
173 if ($handle===FALSE)
174 {
175 echo "File open failure.\n";
176 exit(1);
177 }
178 //
179 //Write the preamble. This is everything up to the key itself.
180 write_preamble($handle);
181 //
182 //Generate and write the key.
183 write_key($handle);
184 //
185 //Write the postamble. This is everything after the key.
186 write_postamble($handle);
187 //
188 //Close the file.
189 if (fclose($handle)===FALSE)
190 {
191 echo "File close failure.\n";
192 exit(1);
193 }
194 //
195 //If we're here, success. Per the standard Unix way of thinking
196 //say nothing. Silence means OK.
197 exit(0);
198 //
199 //--------------------------------------------------------------------------------
200 //$Log: sitehashkeygen.php,v $
201 //Revision 1.7 2006/02/05 19:13:37 dashley
202 //Documentation tweaks.
203 //
204 //Revision 1.6 2006/02/05 19:07:18 dashley
205 //Path to include file added as command-line parameter to script. Script
206 //now also checks for wrong number of command-line parameters.
207 //
208 //Revision 1.5 2006/02/05 18:34:12 dashley
209 //Enhancements to randomness.
210 //
211 //Revision 1.4 2006/02/05 18:12:17 dashley
212 //Checkin to exercise keyword expansion.
213 //
214 //Revision 1.3 2006/02/05 08:50:40 dashley
215 //Edits.
216 //
217 //Revision 1.2 2006/02/05 08:11:24 dashley
218 //Edits.
219 //
220 //Revision 1.1 2006/02/05 06:52:59 dashley
221 //Initial checkin.
222 //--------------------------------------------------------------------------------
223 ?>

dashley@gmail.com
ViewVC Help
Powered by ViewVC 1.1.25