You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

random_compat.phar 47KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527
  1. <?php
  2. $web = 'index.php';
  3. if (in_array('phar', stream_get_wrappers()) && class_exists('Phar', 0)) {
  4. Phar::interceptFileFuncs();
  5. set_include_path('phar://' . __FILE__ . PATH_SEPARATOR . get_include_path());
  6. Phar::webPhar(null, $web);
  7. include 'phar://' . __FILE__ . '/' . Extract_Phar::START;
  8. return;
  9. }
  10. if (@(isset($_SERVER['REQUEST_URI']) && isset($_SERVER['REQUEST_METHOD']) && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'POST'))) {
  11. Extract_Phar::go(true);
  12. $mimes = array(
  13. 'phps' => 2,
  14. 'c' => 'text/plain',
  15. 'cc' => 'text/plain',
  16. 'cpp' => 'text/plain',
  17. 'c++' => 'text/plain',
  18. 'dtd' => 'text/plain',
  19. 'h' => 'text/plain',
  20. 'log' => 'text/plain',
  21. 'rng' => 'text/plain',
  22. 'txt' => 'text/plain',
  23. 'xsd' => 'text/plain',
  24. 'php' => 1,
  25. 'inc' => 1,
  26. 'avi' => 'video/avi',
  27. 'bmp' => 'image/bmp',
  28. 'css' => 'text/css',
  29. 'gif' => 'image/gif',
  30. 'htm' => 'text/html',
  31. 'html' => 'text/html',
  32. 'htmls' => 'text/html',
  33. 'ico' => 'image/x-ico',
  34. 'jpe' => 'image/jpeg',
  35. 'jpg' => 'image/jpeg',
  36. 'jpeg' => 'image/jpeg',
  37. 'js' => 'application/x-javascript',
  38. 'midi' => 'audio/midi',
  39. 'mid' => 'audio/midi',
  40. 'mod' => 'audio/mod',
  41. 'mov' => 'movie/quicktime',
  42. 'mp3' => 'audio/mp3',
  43. 'mpg' => 'video/mpeg',
  44. 'mpeg' => 'video/mpeg',
  45. 'pdf' => 'application/pdf',
  46. 'png' => 'image/png',
  47. 'swf' => 'application/shockwave-flash',
  48. 'tif' => 'image/tiff',
  49. 'tiff' => 'image/tiff',
  50. 'wav' => 'audio/wav',
  51. 'xbm' => 'image/xbm',
  52. 'xml' => 'text/xml',
  53. );
  54. header("Cache-Control: no-cache, must-revalidate");
  55. header("Pragma: no-cache");
  56. $basename = basename(__FILE__);
  57. if (!strpos($_SERVER['REQUEST_URI'], $basename)) {
  58. chdir(Extract_Phar::$temp);
  59. include $web;
  60. return;
  61. }
  62. $pt = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], $basename) + strlen($basename));
  63. if (!$pt || $pt == '/') {
  64. $pt = $web;
  65. header('HTTP/1.1 301 Moved Permanently');
  66. header('Location: ' . $_SERVER['REQUEST_URI'] . '/' . $pt);
  67. exit;
  68. }
  69. $a = realpath(Extract_Phar::$temp . DIRECTORY_SEPARATOR . $pt);
  70. if (!$a || strlen(dirname($a)) < strlen(Extract_Phar::$temp)) {
  71. header('HTTP/1.0 404 Not Found');
  72. echo "<html>\n <head>\n <title>File Not Found<title>\n </head>\n <body>\n <h1>404 - File Not Found</h1>\n </body>\n</html>";
  73. exit;
  74. }
  75. $b = pathinfo($a);
  76. if (!isset($b['extension'])) {
  77. header('Content-Type: text/plain');
  78. header('Content-Length: ' . filesize($a));
  79. readfile($a);
  80. exit;
  81. }
  82. if (isset($mimes[$b['extension']])) {
  83. if ($mimes[$b['extension']] === 1) {
  84. include $a;
  85. exit;
  86. }
  87. if ($mimes[$b['extension']] === 2) {
  88. highlight_file($a);
  89. exit;
  90. }
  91. header('Content-Type: ' .$mimes[$b['extension']]);
  92. header('Content-Length: ' . filesize($a));
  93. readfile($a);
  94. exit;
  95. }
  96. }
  97. class Extract_Phar
  98. {
  99. static $temp;
  100. static $origdir;
  101. const GZ = 0x1000;
  102. const BZ2 = 0x2000;
  103. const MASK = 0x3000;
  104. const START = 'index.php';
  105. const LEN = 6643;
  106. static function go($return = false)
  107. {
  108. $fp = fopen(__FILE__, 'rb');
  109. fseek($fp, self::LEN);
  110. $L = unpack('V', $a = fread($fp, 4));
  111. $m = '';
  112. do {
  113. $read = 8192;
  114. if ($L[1] - strlen($m) < 8192) {
  115. $read = $L[1] - strlen($m);
  116. }
  117. $last = fread($fp, $read);
  118. $m .= $last;
  119. } while (strlen($last) && strlen($m) < $L[1]);
  120. if (strlen($m) < $L[1]) {
  121. die('ERROR: manifest length read was "' .
  122. strlen($m) .'" should be "' .
  123. $L[1] . '"');
  124. }
  125. $info = self::_unpack($m);
  126. $f = $info['c'];
  127. if ($f & self::GZ) {
  128. if (!function_exists('gzinflate')) {
  129. die('Error: zlib extension is not enabled -' .
  130. ' gzinflate() function needed for zlib-compressed .phars');
  131. }
  132. }
  133. if ($f & self::BZ2) {
  134. if (!function_exists('bzdecompress')) {
  135. die('Error: bzip2 extension is not enabled -' .
  136. ' bzdecompress() function needed for bz2-compressed .phars');
  137. }
  138. }
  139. $temp = self::tmpdir();
  140. if (!$temp || !is_writable($temp)) {
  141. $sessionpath = session_save_path();
  142. if (strpos ($sessionpath, ";") !== false)
  143. $sessionpath = substr ($sessionpath, strpos ($sessionpath, ";")+1);
  144. if (!file_exists($sessionpath) || !is_dir($sessionpath)) {
  145. die('Could not locate temporary directory to extract phar');
  146. }
  147. $temp = $sessionpath;
  148. }
  149. $temp .= '/pharextract/'.basename(__FILE__, '.phar');
  150. self::$temp = $temp;
  151. self::$origdir = getcwd();
  152. @mkdir($temp, 0777, true);
  153. $temp = realpath($temp);
  154. if (!file_exists($temp . DIRECTORY_SEPARATOR . md5_file(__FILE__))) {
  155. self::_removeTmpFiles($temp, getcwd());
  156. @mkdir($temp, 0777, true);
  157. @file_put_contents($temp . '/' . md5_file(__FILE__), '');
  158. foreach ($info['m'] as $path => $file) {
  159. $a = !file_exists(dirname($temp . '/' . $path));
  160. @mkdir(dirname($temp . '/' . $path), 0777, true);
  161. clearstatcache();
  162. if ($path[strlen($path) - 1] == '/') {
  163. @mkdir($temp . '/' . $path, 0777);
  164. } else {
  165. file_put_contents($temp . '/' . $path, self::extractFile($path, $file, $fp));
  166. @chmod($temp . '/' . $path, 0666);
  167. }
  168. }
  169. }
  170. chdir($temp);
  171. if (!$return) {
  172. include self::START;
  173. }
  174. }
  175. static function tmpdir()
  176. {
  177. if (strpos(PHP_OS, 'WIN') !== false) {
  178. if ($var = getenv('TMP') ? getenv('TMP') : getenv('TEMP')) {
  179. return $var;
  180. }
  181. if (is_dir('/temp') || mkdir('/temp')) {
  182. return realpath('/temp');
  183. }
  184. return false;
  185. }
  186. if ($var = getenv('TMPDIR')) {
  187. return $var;
  188. }
  189. return realpath('/tmp');
  190. }
  191. static function _unpack($m)
  192. {
  193. $info = unpack('V', substr($m, 0, 4));
  194. $l = unpack('V', substr($m, 10, 4));
  195. $m = substr($m, 14 + $l[1]);
  196. $s = unpack('V', substr($m, 0, 4));
  197. $o = 0;
  198. $start = 4 + $s[1];
  199. $ret['c'] = 0;
  200. for ($i = 0; $i < $info[1]; $i++) {
  201. $len = unpack('V', substr($m, $start, 4));
  202. $start += 4;
  203. $savepath = substr($m, $start, $len[1]);
  204. $start += $len[1];
  205. $ret['m'][$savepath] = array_values(unpack('Va/Vb/Vc/Vd/Ve/Vf', substr($m, $start, 24)));
  206. $ret['m'][$savepath][3] = sprintf('%u', $ret['m'][$savepath][3]
  207. & 0xffffffff);
  208. $ret['m'][$savepath][7] = $o;
  209. $o += $ret['m'][$savepath][2];
  210. $start += 24 + $ret['m'][$savepath][5];
  211. $ret['c'] |= $ret['m'][$savepath][4] & self::MASK;
  212. }
  213. return $ret;
  214. }
  215. static function extractFile($path, $entry, $fp)
  216. {
  217. $data = '';
  218. $c = $entry[2];
  219. while ($c) {
  220. if ($c < 8192) {
  221. $data .= @fread($fp, $c);
  222. $c = 0;
  223. } else {
  224. $c -= 8192;
  225. $data .= @fread($fp, 8192);
  226. }
  227. }
  228. if ($entry[4] & self::GZ) {
  229. $data = gzinflate($data);
  230. } elseif ($entry[4] & self::BZ2) {
  231. $data = bzdecompress($data);
  232. }
  233. if (strlen($data) != $entry[0]) {
  234. die("Invalid internal .phar file (size error " . strlen($data) . " != " .
  235. $stat[7] . ")");
  236. }
  237. if ($entry[3] != sprintf("%u", crc32($data) & 0xffffffff)) {
  238. die("Invalid internal .phar file (checksum error)");
  239. }
  240. return $data;
  241. }
  242. static function _removeTmpFiles($temp, $origdir)
  243. {
  244. chdir($temp);
  245. foreach (glob('*') as $f) {
  246. if (file_exists($f)) {
  247. is_dir($f) ? @rmdir($f) : @unlink($f);
  248. if (file_exists($f) && is_dir($f)) {
  249. self::_removeTmpFiles($f, getcwd());
  250. }
  251. }
  252. }
  253. @rmdir($temp);
  254. clearstatcache();
  255. chdir($origdir);
  256. }
  257. }
  258. Extract_Phar::go();
  259. __HALT_COMPILER(); ?>��
  260. ����������random_compat.phar�������byte_safe_strings.phpU��´BÅZU��
  261. ãƶ���������cast_to_int.phpF
  262. ��´BÅZF
  263. ��:)û%¶���������error_polyfill.php¡��´BÅZ¡��"]¶������ ���index.phpM��´BÅZM��t:•Ä¶���������random_bytes_com_dotnet.phpW ��´BÅZW ��¡@¶���������random_bytes_dev_urandom.php@��´BÅZ@��Ù*‘ã¶���������random_bytes_libsodium.php ��´BÅZ ��Ñ;[c¶������!���random_bytes_libsodium_legacy.phpN ��´BÅZN ��ƒ^L¶���������random_bytes_mcrypt.phpÙ ��´BÅZÙ ��¯BS7¶���������random_int.phpv��´BÅZv��ôÍâ¶������<?php
  264. /**
  265. * Random_* Compatibility Library
  266. * for using the new PHP 7 random_* API in PHP 5 projects
  267. *
  268. * The MIT License (MIT)
  269. *
  270. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  271. *
  272. * Permission is hereby granted, free of charge, to any person obtaining a copy
  273. * of this software and associated documentation files (the "Software"), to deal
  274. * in the Software without restriction, including without limitation the rights
  275. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  276. * copies of the Software, and to permit persons to whom the Software is
  277. * furnished to do so, subject to the following conditions:
  278. *
  279. * The above copyright notice and this permission notice shall be included in
  280. * all copies or substantial portions of the Software.
  281. *
  282. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  283. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  284. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  285. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  286. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  287. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  288. * SOFTWARE.
  289. */
  290. if (!is_callable('RandomCompat_strlen')) {
  291. if (
  292. defined('MB_OVERLOAD_STRING') &&
  293. ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
  294. ) {
  295. /**
  296. * strlen() implementation that isn't brittle to mbstring.func_overload
  297. *
  298. * This version uses mb_strlen() in '8bit' mode to treat strings as raw
  299. * binary rather than UTF-8, ISO-8859-1, etc
  300. *
  301. * @param string $binary_string
  302. *
  303. * @throws TypeError
  304. *
  305. * @return int
  306. */
  307. function RandomCompat_strlen($binary_string)
  308. {
  309. if (!is_string($binary_string)) {
  310. throw new TypeError(
  311. 'RandomCompat_strlen() expects a string'
  312. );
  313. }
  314. return (int) mb_strlen($binary_string, '8bit');
  315. }
  316. } else {
  317. /**
  318. * strlen() implementation that isn't brittle to mbstring.func_overload
  319. *
  320. * This version just used the default strlen()
  321. *
  322. * @param string $binary_string
  323. *
  324. * @throws TypeError
  325. *
  326. * @return int
  327. */
  328. function RandomCompat_strlen($binary_string)
  329. {
  330. if (!is_string($binary_string)) {
  331. throw new TypeError(
  332. 'RandomCompat_strlen() expects a string'
  333. );
  334. }
  335. return (int) strlen($binary_string);
  336. }
  337. }
  338. }
  339. if (!is_callable('RandomCompat_substr')) {
  340. if (
  341. defined('MB_OVERLOAD_STRING')
  342. &&
  343. ini_get('mbstring.func_overload') & MB_OVERLOAD_STRING
  344. ) {
  345. /**
  346. * substr() implementation that isn't brittle to mbstring.func_overload
  347. *
  348. * This version uses mb_substr() in '8bit' mode to treat strings as raw
  349. * binary rather than UTF-8, ISO-8859-1, etc
  350. *
  351. * @param string $binary_string
  352. * @param int $start
  353. * @param int $length (optional)
  354. *
  355. * @throws TypeError
  356. *
  357. * @return string
  358. */
  359. function RandomCompat_substr($binary_string, $start, $length = null)
  360. {
  361. if (!is_string($binary_string)) {
  362. throw new TypeError(
  363. 'RandomCompat_substr(): First argument should be a string'
  364. );
  365. }
  366. if (!is_int($start)) {
  367. throw new TypeError(
  368. 'RandomCompat_substr(): Second argument should be an integer'
  369. );
  370. }
  371. if ($length === null) {
  372. /**
  373. * mb_substr($str, 0, NULL, '8bit') returns an empty string on
  374. * PHP 5.3, so we have to find the length ourselves.
  375. */
  376. $length = RandomCompat_strlen($binary_string) - $start;
  377. } elseif (!is_int($length)) {
  378. throw new TypeError(
  379. 'RandomCompat_substr(): Third argument should be an integer, or omitted'
  380. );
  381. }
  382. // Consistency with PHP's behavior
  383. if ($start === RandomCompat_strlen($binary_string) && $length === 0) {
  384. return '';
  385. }
  386. if ($start > RandomCompat_strlen($binary_string)) {
  387. return '';
  388. }
  389. return (string) mb_substr($binary_string, $start, $length, '8bit');
  390. }
  391. } else {
  392. /**
  393. * substr() implementation that isn't brittle to mbstring.func_overload
  394. *
  395. * This version just uses the default substr()
  396. *
  397. * @param string $binary_string
  398. * @param int $start
  399. * @param int $length (optional)
  400. *
  401. * @throws TypeError
  402. *
  403. * @return string
  404. */
  405. function RandomCompat_substr($binary_string, $start, $length = null)
  406. {
  407. if (!is_string($binary_string)) {
  408. throw new TypeError(
  409. 'RandomCompat_substr(): First argument should be a string'
  410. );
  411. }
  412. if (!is_int($start)) {
  413. throw new TypeError(
  414. 'RandomCompat_substr(): Second argument should be an integer'
  415. );
  416. }
  417. if ($length !== null) {
  418. if (!is_int($length)) {
  419. throw new TypeError(
  420. 'RandomCompat_substr(): Third argument should be an integer, or omitted'
  421. );
  422. }
  423. return (string) substr($binary_string, $start, $length);
  424. }
  425. return (string) substr($binary_string, $start);
  426. }
  427. }
  428. }
  429. <?php
  430. /**
  431. * Random_* Compatibility Library
  432. * for using the new PHP 7 random_* API in PHP 5 projects
  433. *
  434. * The MIT License (MIT)
  435. *
  436. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  437. *
  438. * Permission is hereby granted, free of charge, to any person obtaining a copy
  439. * of this software and associated documentation files (the "Software"), to deal
  440. * in the Software without restriction, including without limitation the rights
  441. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  442. * copies of the Software, and to permit persons to whom the Software is
  443. * furnished to do so, subject to the following conditions:
  444. *
  445. * The above copyright notice and this permission notice shall be included in
  446. * all copies or substantial portions of the Software.
  447. *
  448. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  449. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  450. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  451. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  452. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  453. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  454. * SOFTWARE.
  455. */
  456. if (!is_callable('RandomCompat_intval')) {
  457. /**
  458. * Cast to an integer if we can, safely.
  459. *
  460. * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
  461. * (non-inclusive), it will sanely cast it to an int. If you it's equal to
  462. * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
  463. * lose precision, so the <= and => operators might accidentally let a float
  464. * through.
  465. *
  466. * @param int|float $number The number we want to convert to an int
  467. * @param bool $fail_open Set to true to not throw an exception
  468. *
  469. * @return float|int
  470. * @psalm-suppress InvalidReturnType
  471. *
  472. * @throws TypeError
  473. */
  474. function RandomCompat_intval($number, $fail_open = false)
  475. {
  476. if (is_int($number) || is_float($number)) {
  477. $number += 0;
  478. } elseif (is_numeric($number)) {
  479. $number += 0;
  480. }
  481. if (
  482. is_float($number)
  483. &&
  484. $number > ~PHP_INT_MAX
  485. &&
  486. $number < PHP_INT_MAX
  487. ) {
  488. $number = (int) $number;
  489. }
  490. if (is_int($number)) {
  491. return (int) $number;
  492. } elseif (!$fail_open) {
  493. throw new TypeError(
  494. 'Expected an integer.'
  495. );
  496. }
  497. return $number;
  498. }
  499. }
  500. <?php
  501. /**
  502. * Random_* Compatibility Library
  503. * for using the new PHP 7 random_* API in PHP 5 projects
  504. *
  505. * The MIT License (MIT)
  506. *
  507. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  508. *
  509. * Permission is hereby granted, free of charge, to any person obtaining a copy
  510. * of this software and associated documentation files (the "Software"), to deal
  511. * in the Software without restriction, including without limitation the rights
  512. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  513. * copies of the Software, and to permit persons to whom the Software is
  514. * furnished to do so, subject to the following conditions:
  515. *
  516. * The above copyright notice and this permission notice shall be included in
  517. * all copies or substantial portions of the Software.
  518. *
  519. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  520. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  521. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  522. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  523. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  524. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  525. * SOFTWARE.
  526. */
  527. if (!class_exists('Error', false)) {
  528. // We can't really avoid making this extend Exception in PHP 5.
  529. class Error extends Exception
  530. {
  531. }
  532. }
  533. if (!class_exists('TypeError', false)) {
  534. if (is_subclass_of('Error', 'Exception')) {
  535. class TypeError extends Error
  536. {
  537. }
  538. } else {
  539. class TypeError extends Exception
  540. {
  541. }
  542. }
  543. }
  544. <?php
  545. /**
  546. * Random_* Compatibility Library
  547. * for using the new PHP 7 random_* API in PHP 5 projects
  548. *
  549. * @version 2.0.10
  550. * @released 2017-03-13
  551. *
  552. * The MIT License (MIT)
  553. *
  554. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  555. *
  556. * Permission is hereby granted, free of charge, to any person obtaining a copy
  557. * of this software and associated documentation files (the "Software"), to deal
  558. * in the Software without restriction, including without limitation the rights
  559. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  560. * copies of the Software, and to permit persons to whom the Software is
  561. * furnished to do so, subject to the following conditions:
  562. *
  563. * The above copyright notice and this permission notice shall be included in
  564. * all copies or substantial portions of the Software.
  565. *
  566. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  567. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  568. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  569. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  570. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  571. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  572. * SOFTWARE.
  573. */
  574. if (!defined('PHP_VERSION_ID')) {
  575. // This constant was introduced in PHP 5.2.7
  576. $RandomCompatversion = array_map('intval', explode('.', PHP_VERSION));
  577. define(
  578. 'PHP_VERSION_ID',
  579. $RandomCompatversion[0] * 10000
  580. + $RandomCompatversion[1] * 100
  581. + $RandomCompatversion[2]
  582. );
  583. $RandomCompatversion = null;
  584. }
  585. /**
  586. * PHP 7.0.0 and newer have these functions natively.
  587. */
  588. if (PHP_VERSION_ID >= 70000) {
  589. return;
  590. }
  591. if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
  592. define('RANDOM_COMPAT_READ_BUFFER', 8);
  593. }
  594. $RandomCompatDIR = dirname(__FILE__);
  595. require_once $RandomCompatDIR . '/byte_safe_strings.php';
  596. require_once $RandomCompatDIR . '/cast_to_int.php';
  597. require_once $RandomCompatDIR . '/error_polyfill.php';
  598. if (!is_callable('random_bytes')) {
  599. /**
  600. * PHP 5.2.0 - 5.6.x way to implement random_bytes()
  601. *
  602. * We use conditional statements here to define the function in accordance
  603. * to the operating environment. It's a micro-optimization.
  604. *
  605. * In order of preference:
  606. * 1. Use libsodium if available.
  607. * 2. fread() /dev/urandom if available (never on Windows)
  608. * 3. mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM)
  609. * 4. COM('CAPICOM.Utilities.1')->GetRandom()
  610. *
  611. * See RATIONALE.md for our reasoning behind this particular order
  612. */
  613. if (extension_loaded('libsodium')) {
  614. // See random_bytes_libsodium.php
  615. if (PHP_VERSION_ID >= 50300 && is_callable('\\Sodium\\randombytes_buf')) {
  616. require_once $RandomCompatDIR . '/random_bytes_libsodium.php';
  617. } elseif (method_exists('Sodium', 'randombytes_buf')) {
  618. require_once $RandomCompatDIR . '/random_bytes_libsodium_legacy.php';
  619. }
  620. }
  621. /**
  622. * Reading directly from /dev/urandom:
  623. */
  624. if (DIRECTORY_SEPARATOR === '/') {
  625. // DIRECTORY_SEPARATOR === '/' on Unix-like OSes -- this is a fast
  626. // way to exclude Windows.
  627. $RandomCompatUrandom = true;
  628. $RandomCompat_basedir = ini_get('open_basedir');
  629. if (!empty($RandomCompat_basedir)) {
  630. $RandomCompat_open_basedir = explode(
  631. PATH_SEPARATOR,
  632. strtolower($RandomCompat_basedir)
  633. );
  634. $RandomCompatUrandom = (array() !== array_intersect(
  635. array('/dev', '/dev/', '/dev/urandom'),
  636. $RandomCompat_open_basedir
  637. ));
  638. $RandomCompat_open_basedir = null;
  639. }
  640. if (
  641. !is_callable('random_bytes')
  642. &&
  643. $RandomCompatUrandom
  644. &&
  645. @is_readable('/dev/urandom')
  646. ) {
  647. // Error suppression on is_readable() in case of an open_basedir
  648. // or safe_mode failure. All we care about is whether or not we
  649. // can read it at this point. If the PHP environment is going to
  650. // panic over trying to see if the file can be read in the first
  651. // place, that is not helpful to us here.
  652. // See random_bytes_dev_urandom.php
  653. require_once $RandomCompatDIR . '/random_bytes_dev_urandom.php';
  654. }
  655. // Unset variables after use
  656. $RandomCompat_basedir = null;
  657. } else {
  658. $RandomCompatUrandom = false;
  659. }
  660. /**
  661. * mcrypt_create_iv()
  662. *
  663. * We only want to use mcypt_create_iv() if:
  664. *
  665. * - random_bytes() hasn't already been defined
  666. * - the mcrypt extensions is loaded
  667. * - One of these two conditions is true:
  668. * - We're on Windows (DIRECTORY_SEPARATOR !== '/')
  669. * - We're not on Windows and /dev/urandom is readabale
  670. * (i.e. we're not in a chroot jail)
  671. * - Special case:
  672. * - If we're not on Windows, but the PHP version is between
  673. * 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
  674. * hang indefinitely. This is bad.
  675. * - If we're on Windows, we want to use PHP >= 5.3.7 or else
  676. * we get insufficient entropy errors.
  677. */
  678. if (
  679. !is_callable('random_bytes')
  680. &&
  681. // Windows on PHP < 5.3.7 is broken, but non-Windows is not known to be.
  682. (DIRECTORY_SEPARATOR === '/' || PHP_VERSION_ID >= 50307)
  683. &&
  684. // Prevent this code from hanging indefinitely on non-Windows;
  685. // see https://bugs.php.net/bug.php?id=69833
  686. (
  687. DIRECTORY_SEPARATOR !== '/' ||
  688. (PHP_VERSION_ID <= 50609 || PHP_VERSION_ID >= 50613)
  689. )
  690. &&
  691. extension_loaded('mcrypt')
  692. ) {
  693. // See random_bytes_mcrypt.php
  694. require_once $RandomCompatDIR . '/random_bytes_mcrypt.php';
  695. }
  696. $RandomCompatUrandom = null;
  697. /**
  698. * This is a Windows-specific fallback, for when the mcrypt extension
  699. * isn't loaded.
  700. */
  701. if (
  702. !is_callable('random_bytes')
  703. &&
  704. extension_loaded('com_dotnet')
  705. &&
  706. class_exists('COM')
  707. ) {
  708. $RandomCompat_disabled_classes = preg_split(
  709. '#\s*,\s*#',
  710. strtolower(ini_get('disable_classes'))
  711. );
  712. if (!in_array('com', $RandomCompat_disabled_classes)) {
  713. try {
  714. $RandomCompatCOMtest = new COM('CAPICOM.Utilities.1');
  715. if (method_exists($RandomCompatCOMtest, 'GetRandom')) {
  716. // See random_bytes_com_dotnet.php
  717. require_once $RandomCompatDIR . '/random_bytes_com_dotnet.php';
  718. }
  719. } catch (com_exception $e) {
  720. // Don't try to use it.
  721. }
  722. }
  723. $RandomCompat_disabled_classes = null;
  724. $RandomCompatCOMtest = null;
  725. }
  726. /**
  727. * throw new Exception
  728. */
  729. if (!is_callable('random_bytes')) {
  730. /**
  731. * We don't have any more options, so let's throw an exception right now
  732. * and hope the developer won't let it fail silently.
  733. *
  734. * @param mixed $length
  735. * @psalm-suppress MissingReturnType
  736. * @throws Exception
  737. * @return string
  738. */
  739. function random_bytes($length)
  740. {
  741. unset($length); // Suppress "variable not used" warnings.
  742. throw new Exception(
  743. 'There is no suitable CSPRNG installed on your system'
  744. );
  745. return '';
  746. }
  747. }
  748. }
  749. if (!is_callable('random_int')) {
  750. require_once $RandomCompatDIR . '/random_int.php';
  751. }
  752. $RandomCompatDIR = null;
  753. <?php
  754. /**
  755. * Random_* Compatibility Library
  756. * for using the new PHP 7 random_* API in PHP 5 projects
  757. *
  758. * The MIT License (MIT)
  759. *
  760. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  761. *
  762. * Permission is hereby granted, free of charge, to any person obtaining a copy
  763. * of this software and associated documentation files (the "Software"), to deal
  764. * in the Software without restriction, including without limitation the rights
  765. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  766. * copies of the Software, and to permit persons to whom the Software is
  767. * furnished to do so, subject to the following conditions:
  768. *
  769. * The above copyright notice and this permission notice shall be included in
  770. * all copies or substantial portions of the Software.
  771. *
  772. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  773. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  774. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  775. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  776. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  777. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  778. * SOFTWARE.
  779. */
  780. if (!is_callable('random_bytes')) {
  781. /**
  782. * Windows with PHP < 5.3.0 will not have the function
  783. * openssl_random_pseudo_bytes() available, so let's use
  784. * CAPICOM to work around this deficiency.
  785. *
  786. * @param int $bytes
  787. *
  788. * @throws Exception
  789. *
  790. * @return string
  791. */
  792. function random_bytes($bytes)
  793. {
  794. try {
  795. $bytes = RandomCompat_intval($bytes);
  796. } catch (TypeError $ex) {
  797. throw new TypeError(
  798. 'random_bytes(): $bytes must be an integer'
  799. );
  800. }
  801. if ($bytes < 1) {
  802. throw new Error(
  803. 'Length must be greater than 0'
  804. );
  805. }
  806. $buf = '';
  807. if (!class_exists('COM')) {
  808. throw new Error(
  809. 'COM does not exist'
  810. );
  811. }
  812. $util = new COM('CAPICOM.Utilities.1');
  813. $execCount = 0;
  814. /**
  815. * Let's not let it loop forever. If we run N times and fail to
  816. * get N bytes of random data, then CAPICOM has failed us.
  817. */
  818. do {
  819. $buf .= base64_decode($util->GetRandom($bytes, 0));
  820. if (RandomCompat_strlen($buf) >= $bytes) {
  821. /**
  822. * Return our random entropy buffer here:
  823. */
  824. return RandomCompat_substr($buf, 0, $bytes);
  825. }
  826. ++$execCount;
  827. } while ($execCount < $bytes);
  828. /**
  829. * If we reach here, PHP has failed us.
  830. */
  831. throw new Exception(
  832. 'Could not gather sufficient random data'
  833. );
  834. }
  835. }<?php
  836. /**
  837. * Random_* Compatibility Library
  838. * for using the new PHP 7 random_* API in PHP 5 projects
  839. *
  840. * The MIT License (MIT)
  841. *
  842. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  843. *
  844. * Permission is hereby granted, free of charge, to any person obtaining a copy
  845. * of this software and associated documentation files (the "Software"), to deal
  846. * in the Software without restriction, including without limitation the rights
  847. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  848. * copies of the Software, and to permit persons to whom the Software is
  849. * furnished to do so, subject to the following conditions:
  850. *
  851. * The above copyright notice and this permission notice shall be included in
  852. * all copies or substantial portions of the Software.
  853. *
  854. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  855. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  856. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  857. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  858. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  859. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  860. * SOFTWARE.
  861. */
  862. if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
  863. define('RANDOM_COMPAT_READ_BUFFER', 8);
  864. }
  865. if (!is_callable('random_bytes')) {
  866. /**
  867. * Unless open_basedir is enabled, use /dev/urandom for
  868. * random numbers in accordance with best practices
  869. *
  870. * Why we use /dev/urandom and not /dev/random
  871. * @ref http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers
  872. *
  873. * @param int $bytes
  874. *
  875. * @throws Exception
  876. *
  877. * @return string
  878. */
  879. function random_bytes($bytes)
  880. {
  881. static $fp = null;
  882. /**
  883. * This block should only be run once
  884. */
  885. if (empty($fp)) {
  886. /**
  887. * We use /dev/urandom if it is a char device.
  888. * We never fall back to /dev/random
  889. */
  890. $fp = fopen('/dev/urandom', 'rb');
  891. if (!empty($fp)) {
  892. $st = fstat($fp);
  893. if (($st['mode'] & 0170000) !== 020000) {
  894. fclose($fp);
  895. $fp = false;
  896. }
  897. }
  898. if (!empty($fp)) {
  899. /**
  900. * stream_set_read_buffer() does not exist in HHVM
  901. *
  902. * If we don't set the stream's read buffer to 0, PHP will
  903. * internally buffer 8192 bytes, which can waste entropy
  904. *
  905. * stream_set_read_buffer returns 0 on success
  906. */
  907. if (is_callable('stream_set_read_buffer')) {
  908. stream_set_read_buffer($fp, RANDOM_COMPAT_READ_BUFFER);
  909. }
  910. if (is_callable('stream_set_chunk_size')) {
  911. stream_set_chunk_size($fp, RANDOM_COMPAT_READ_BUFFER);
  912. }
  913. }
  914. }
  915. try {
  916. $bytes = RandomCompat_intval($bytes);
  917. } catch (TypeError $ex) {
  918. throw new TypeError(
  919. 'random_bytes(): $bytes must be an integer'
  920. );
  921. }
  922. if ($bytes < 1) {
  923. throw new Error(
  924. 'Length must be greater than 0'
  925. );
  926. }
  927. /**
  928. * This if() block only runs if we managed to open a file handle
  929. *
  930. * It does not belong in an else {} block, because the above
  931. * if (empty($fp)) line is logic that should only be run once per
  932. * page load.
  933. */
  934. if (!empty($fp)) {
  935. /**
  936. * @var int
  937. */
  938. $remaining = $bytes;
  939. /**
  940. * @var string|bool
  941. */
  942. $buf = '';
  943. /**
  944. * We use fread() in a loop to protect against partial reads
  945. */
  946. do {
  947. /**
  948. * @var string|bool
  949. */
  950. $read = fread($fp, $remaining);
  951. if (!is_string($read)) {
  952. if ($read === false) {
  953. /**
  954. * We cannot safely read from the file. Exit the
  955. * do-while loop and trigger the exception condition
  956. *
  957. * @var string|bool
  958. */
  959. $buf = false;
  960. break;
  961. }
  962. }
  963. /**
  964. * Decrease the number of bytes returned from remaining
  965. */
  966. $remaining -= RandomCompat_strlen($read);
  967. /**
  968. * @var string|bool
  969. */
  970. $buf = $buf . $read;
  971. } while ($remaining > 0);
  972. /**
  973. * Is our result valid?
  974. */
  975. if (is_string($buf)) {
  976. if (RandomCompat_strlen($buf) === $bytes) {
  977. /**
  978. * Return our random entropy buffer here:
  979. */
  980. return $buf;
  981. }
  982. }
  983. }
  984. /**
  985. * If we reach here, PHP has failed us.
  986. */
  987. throw new Exception(
  988. 'Error reading from source device'
  989. );
  990. }
  991. }
  992. <?php
  993. /**
  994. * Random_* Compatibility Library
  995. * for using the new PHP 7 random_* API in PHP 5 projects
  996. *
  997. * The MIT License (MIT)
  998. *
  999. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  1000. *
  1001. * Permission is hereby granted, free of charge, to any person obtaining a copy
  1002. * of this software and associated documentation files (the "Software"), to deal
  1003. * in the Software without restriction, including without limitation the rights
  1004. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  1005. * copies of the Software, and to permit persons to whom the Software is
  1006. * furnished to do so, subject to the following conditions:
  1007. *
  1008. * The above copyright notice and this permission notice shall be included in
  1009. * all copies or substantial portions of the Software.
  1010. *
  1011. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  1012. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  1013. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  1014. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  1015. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  1016. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  1017. * SOFTWARE.
  1018. */
  1019. if (!is_callable('random_bytes')) {
  1020. /**
  1021. * If the libsodium PHP extension is loaded, we'll use it above any other
  1022. * solution.
  1023. *
  1024. * libsodium-php project:
  1025. * @ref https://github.com/jedisct1/libsodium-php
  1026. *
  1027. * @param int $bytes
  1028. *
  1029. * @throws Exception
  1030. *
  1031. * @return string
  1032. */
  1033. function random_bytes($bytes)
  1034. {
  1035. try {
  1036. $bytes = RandomCompat_intval($bytes);
  1037. } catch (TypeError $ex) {
  1038. throw new TypeError(
  1039. 'random_bytes(): $bytes must be an integer'
  1040. );
  1041. }
  1042. if ($bytes < 1) {
  1043. throw new Error(
  1044. 'Length must be greater than 0'
  1045. );
  1046. }
  1047. /**
  1048. * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
  1049. * generated in one invocation.
  1050. */
  1051. if ($bytes > 2147483647) {
  1052. $buf = '';
  1053. for ($i = 0; $i < $bytes; $i += 1073741824) {
  1054. $n = ($bytes - $i) > 1073741824
  1055. ? 1073741824
  1056. : $bytes - $i;
  1057. $buf .= \Sodium\randombytes_buf($n);
  1058. }
  1059. } else {
  1060. $buf = \Sodium\randombytes_buf($bytes);
  1061. }
  1062. if ($buf !== false) {
  1063. if (RandomCompat_strlen($buf) === $bytes) {
  1064. return $buf;
  1065. }
  1066. }
  1067. /**
  1068. * If we reach here, PHP has failed us.
  1069. */
  1070. throw new Exception(
  1071. 'Could not gather sufficient random data'
  1072. );
  1073. }
  1074. }
  1075. <?php
  1076. /**
  1077. * Random_* Compatibility Library
  1078. * for using the new PHP 7 random_* API in PHP 5 projects
  1079. *
  1080. * The MIT License (MIT)
  1081. *
  1082. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  1083. *
  1084. * Permission is hereby granted, free of charge, to any person obtaining a copy
  1085. * of this software and associated documentation files (the "Software"), to deal
  1086. * in the Software without restriction, including without limitation the rights
  1087. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  1088. * copies of the Software, and to permit persons to whom the Software is
  1089. * furnished to do so, subject to the following conditions:
  1090. *
  1091. * The above copyright notice and this permission notice shall be included in
  1092. * all copies or substantial portions of the Software.
  1093. *
  1094. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  1095. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  1096. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  1097. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  1098. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  1099. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  1100. * SOFTWARE.
  1101. */
  1102. if (!is_callable('random_bytes')) {
  1103. /**
  1104. * If the libsodium PHP extension is loaded, we'll use it above any other
  1105. * solution.
  1106. *
  1107. * libsodium-php project:
  1108. * @ref https://github.com/jedisct1/libsodium-php
  1109. *
  1110. * @param int $bytes
  1111. *
  1112. * @throws Exception
  1113. *
  1114. * @return string
  1115. */
  1116. function random_bytes($bytes)
  1117. {
  1118. try {
  1119. $bytes = RandomCompat_intval($bytes);
  1120. } catch (TypeError $ex) {
  1121. throw new TypeError(
  1122. 'random_bytes(): $bytes must be an integer'
  1123. );
  1124. }
  1125. if ($bytes < 1) {
  1126. throw new Error(
  1127. 'Length must be greater than 0'
  1128. );
  1129. }
  1130. /**
  1131. * @var string
  1132. */
  1133. $buf = '';
  1134. /**
  1135. * \Sodium\randombytes_buf() doesn't allow more than 2147483647 bytes to be
  1136. * generated in one invocation.
  1137. */
  1138. if ($bytes > 2147483647) {
  1139. for ($i = 0; $i < $bytes; $i += 1073741824) {
  1140. $n = ($bytes - $i) > 1073741824
  1141. ? 1073741824
  1142. : $bytes - $i;
  1143. $buf .= Sodium::randombytes_buf((int) $n);
  1144. }
  1145. } else {
  1146. $buf .= Sodium::randombytes_buf((int) $bytes);
  1147. }
  1148. if (is_string($buf)) {
  1149. if (RandomCompat_strlen($buf) === $bytes) {
  1150. return $buf;
  1151. }
  1152. }
  1153. /**
  1154. * If we reach here, PHP has failed us.
  1155. */
  1156. throw new Exception(
  1157. 'Could not gather sufficient random data'
  1158. );
  1159. }
  1160. }
  1161. <?php
  1162. /**
  1163. * Random_* Compatibility Library
  1164. * for using the new PHP 7 random_* API in PHP 5 projects
  1165. *
  1166. * The MIT License (MIT)
  1167. *
  1168. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  1169. *
  1170. * Permission is hereby granted, free of charge, to any person obtaining a copy
  1171. * of this software and associated documentation files (the "Software"), to deal
  1172. * in the Software without restriction, including without limitation the rights
  1173. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  1174. * copies of the Software, and to permit persons to whom the Software is
  1175. * furnished to do so, subject to the following conditions:
  1176. *
  1177. * The above copyright notice and this permission notice shall be included in
  1178. * all copies or substantial portions of the Software.
  1179. *
  1180. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  1181. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  1182. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  1183. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  1184. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  1185. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  1186. * SOFTWARE.
  1187. */
  1188. if (!is_callable('random_bytes')) {
  1189. /**
  1190. * Powered by ext/mcrypt (and thankfully NOT libmcrypt)
  1191. *
  1192. * @ref https://bugs.php.net/bug.php?id=55169
  1193. * @ref https://github.com/php/php-src/blob/c568ffe5171d942161fc8dda066bce844bdef676/ext/mcrypt/mcrypt.c#L1321-L1386
  1194. *
  1195. * @param int $bytes
  1196. *
  1197. * @throws Exception
  1198. *
  1199. * @return string
  1200. */
  1201. function random_bytes($bytes)
  1202. {
  1203. try {
  1204. $bytes = RandomCompat_intval($bytes);
  1205. } catch (TypeError $ex) {
  1206. throw new TypeError(
  1207. 'random_bytes(): $bytes must be an integer'
  1208. );
  1209. }
  1210. if ($bytes < 1) {
  1211. throw new Error(
  1212. 'Length must be greater than 0'
  1213. );
  1214. }
  1215. $buf = @mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
  1216. if (
  1217. $buf !== false
  1218. &&
  1219. RandomCompat_strlen($buf) === $bytes
  1220. ) {
  1221. /**
  1222. * Return our random entropy buffer here:
  1223. */
  1224. return $buf;
  1225. }
  1226. /**
  1227. * If we reach here, PHP has failed us.
  1228. */
  1229. throw new Exception(
  1230. 'Could not gather sufficient random data'
  1231. );
  1232. }
  1233. }
  1234. <?php
  1235. if (!is_callable('random_int')) {
  1236. /**
  1237. * Random_* Compatibility Library
  1238. * for using the new PHP 7 random_* API in PHP 5 projects
  1239. *
  1240. * The MIT License (MIT)
  1241. *
  1242. * Copyright (c) 2015 - 2017 Paragon Initiative Enterprises
  1243. *
  1244. * Permission is hereby granted, free of charge, to any person obtaining a copy
  1245. * of this software and associated documentation files (the "Software"), to deal
  1246. * in the Software without restriction, including without limitation the rights
  1247. * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  1248. * copies of the Software, and to permit persons to whom the Software is
  1249. * furnished to do so, subject to the following conditions:
  1250. *
  1251. * The above copyright notice and this permission notice shall be included in
  1252. * all copies or substantial portions of the Software.
  1253. *
  1254. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  1255. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  1256. * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  1257. * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  1258. * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  1259. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  1260. * SOFTWARE.
  1261. */
  1262. /**
  1263. * Fetch a random integer between $min and $max inclusive
  1264. *
  1265. * @param int $min
  1266. * @param int $max
  1267. *
  1268. * @throws Exception
  1269. *
  1270. * @return int
  1271. */
  1272. function random_int($min, $max)
  1273. {
  1274. /**
  1275. * Type and input logic checks
  1276. *
  1277. * If you pass it a float in the range (~PHP_INT_MAX, PHP_INT_MAX)
  1278. * (non-inclusive), it will sanely cast it to an int. If you it's equal to
  1279. * ~PHP_INT_MAX or PHP_INT_MAX, we let it fail as not an integer. Floats
  1280. * lose precision, so the <= and => operators might accidentally let a float
  1281. * through.
  1282. */
  1283. try {
  1284. $min = RandomCompat_intval($min);
  1285. } catch (TypeError $ex) {
  1286. throw new TypeError(
  1287. 'random_int(): $min must be an integer'
  1288. );
  1289. }
  1290. try {
  1291. $max = RandomCompat_intval($max);
  1292. } catch (TypeError $ex) {
  1293. throw new TypeError(
  1294. 'random_int(): $max must be an integer'
  1295. );
  1296. }
  1297. /**
  1298. * Now that we've verified our weak typing system has given us an integer,
  1299. * let's validate the logic then we can move forward with generating random
  1300. * integers along a given range.
  1301. */
  1302. if ($min > $max) {
  1303. throw new Error(
  1304. 'Minimum value must be less than or equal to the maximum value'
  1305. );
  1306. }
  1307. if ($max === $min) {
  1308. return (int) $min;
  1309. }
  1310. /**
  1311. * Initialize variables to 0
  1312. *
  1313. * We want to store:
  1314. * $bytes => the number of random bytes we need
  1315. * $mask => an integer bitmask (for use with the &) operator
  1316. * so we can minimize the number of discards
  1317. */
  1318. $attempts = $bits = $bytes = $mask = $valueShift = 0;
  1319. /**
  1320. * At this point, $range is a positive number greater than 0. It might
  1321. * overflow, however, if $max - $min > PHP_INT_MAX. PHP will cast it to
  1322. * a float and we will lose some precision.
  1323. */
  1324. $range = $max - $min;
  1325. /**
  1326. * Test for integer overflow:
  1327. */
  1328. if (!is_int($range)) {
  1329. /**
  1330. * Still safely calculate wider ranges.
  1331. * Provided by @CodesInChaos, @oittaa
  1332. *
  1333. * @ref https://gist.github.com/CodesInChaos/03f9ea0b58e8b2b8d435
  1334. *
  1335. * We use ~0 as a mask in this case because it generates all 1s
  1336. *
  1337. * @ref https://eval.in/400356 (32-bit)
  1338. * @ref http://3v4l.org/XX9r5 (64-bit)
  1339. */
  1340. $bytes = PHP_INT_SIZE;
  1341. $mask = ~0;
  1342. } else {
  1343. /**
  1344. * $bits is effectively ceil(log($range, 2)) without dealing with
  1345. * type juggling
  1346. */
  1347. while ($range > 0) {
  1348. if ($bits % 8 === 0) {
  1349. ++$bytes;
  1350. }
  1351. ++$bits;
  1352. $range >>= 1;
  1353. $mask = $mask << 1 | 1;
  1354. }
  1355. $valueShift = $min;
  1356. }
  1357. $val = 0;
  1358. /**
  1359. * Now that we have our parameters set up, let's begin generating
  1360. * random integers until one falls between $min and $max
  1361. */
  1362. do {
  1363. /**
  1364. * The rejection probability is at most 0.5, so this corresponds
  1365. * to a failure probability of 2^-128 for a working RNG
  1366. */
  1367. if ($attempts > 128) {
  1368. throw new Exception(
  1369. 'random_int: RNG is broken - too many rejections'
  1370. );
  1371. }
  1372. /**
  1373. * Let's grab the necessary number of random bytes
  1374. */
  1375. $randomByteString = random_bytes($bytes);
  1376. /**
  1377. * Let's turn $randomByteString into an integer
  1378. *
  1379. * This uses bitwise operators (<< and |) to build an integer
  1380. * out of the values extracted from ord()
  1381. *
  1382. * Example: [9F] | [6D] | [32] | [0C] =>
  1383. * 159 + 27904 + 3276800 + 201326592 =>
  1384. * 204631455
  1385. */
  1386. $val &= 0;
  1387. for ($i = 0; $i < $bytes; ++$i) {
  1388. $val |= ord($randomByteString[$i]) << ($i * 8);
  1389. }
  1390. /**
  1391. * Apply mask
  1392. */
  1393. $val &= $mask;
  1394. $val += $valueShift;
  1395. ++$attempts;
  1396. /**
  1397. * If $val overflows to a floating point number,
  1398. * ... or is larger than $max,
  1399. * ... or smaller than $min,
  1400. * then try again.
  1401. */
  1402. } while (!is_int($val) || $val > $max || $val < $min);
  1403. return (int) $val;
  1404. }
  1405. }
  1406. 0e1�é¶hìUúc\H7€ÉlOS‘=𘠩áÊ2ìE³!¼ù ÈS$5¿øåË#Œ Åà4‡”0!”Ôf‹O‡¥©ËZG©ÕáŒy>(ê$Òwšº¾Û(\�ÔH°Z-”íݬ‡¯-vÖg������GBMB