#5734

- replaced array_rand($array) with mt_rand(0, sizeof($array) - 1) as array_rand did not take my seed


git-svn-id: file:///svn/phpbb/trunk@6705 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/captcha/captcha_gd.php

@@ -19,7 +19,7 @@ class captcha
 	var $width = 360;
 	var $height = 96;
 
-	function execute($code)
+	function execute($code, $seed)
 	{
 		global $config;
 		$stats = gd_info();
@@ -48,6 +48,9 @@ class captcha
 			imageantialias($image, true);
 		}
 
+		// seed the random generator
+		mt_srand($seed);
+
 		// set background color
 		$back =  imagecolorallocate($image, mt_rand(224, 255), mt_rand(224, 255), mt_rand(224, 255));
 		imagefilledrectangle($image, 0, 0, $this->width, $this->height, $back);
@@ -79,7 +82,7 @@ class captcha
 				$x		= mt_rand(0, 360);
 				$y		= mt_rand(0, (int)($this->height - ($size / 5)));
 				$color	= $func2($image, mt_rand(160, 224), mt_rand(160, 224), mt_rand(160, 224));
-				$text	= $chars_allowed[array_rand($chars_allowed)];
+				$text	= $chars_allowed[mt_rand(0, sizeof($chars_allowed) - 1)];
 				imagettftext($image, $size, $angle, $x, $y, $color, $this->get_font(), $text);
 			}
 			unset($chars_allowed);
@@ -145,7 +148,7 @@ class captcha
 			closedir($dr);
 		}
 
-		return $fonts[array_rand($fonts)];
+		return $fonts[mt_rand(0, sizeof($fonts) - 1)];
 	}
 }
 

phpBB/includes/captcha/captcha_non_gd.php

@@ -30,15 +30,14 @@ class captcha
 	}
 
 	/**
-	* Create the image containing $code
+	* Create the image containing $code with a seed of $seed
 	*/
-	function execute($code)
+	function execute($code, $seed)
 	{
 		$img_height = $this->height - 10;
 		$img_width = 0;
 
-		list($usec, $sec) = explode(' ', microtime()); 
-		mt_srand($sec * $usec);
+		mt_srand($seed);
 
 		$char_widths = $hold_chars = array();
 		$code_len = strlen($code);

phpBB/includes/functions.php

@@ -1903,12 +1903,14 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				// Generate code
 				$code = gen_rand_string(mt_rand(5, 8));
 				$confirm_id = md5(unique_id($user->ip));
+				$seed = hexdec(substr(unique_id(), 4, 10));
 
 				$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 					'confirm_id'	=> (string) $confirm_id,
 					'session_id'	=> (string) $user->session_id,
 					'confirm_type'	=> (int) CONFIRM_LOGIN,
-					'code'			=> (string) $code)
+					'code'			=> (string) $code,
+					'seed'			=> (int) $seed)
 				);
 				$db->sql_query($sql);
 

phpBB/includes/ucp/ucp_confirm.php

@@ -39,7 +39,7 @@ class ucp_confirm
 		}
 
 		// Try and grab code for this id and session
-		$sql = 'SELECT code  
+		$sql = 'SELECT code, seed
 			FROM ' . CONFIRM_TABLE . " 
 			WHERE session_id = '" . $db->sql_escape($user->session_id) . "' 
 				AND confirm_id = '" . $db->sql_escape($confirm_id) . "'
@@ -64,7 +64,7 @@ class ucp_confirm
 		}
 
 		$captcha = new captcha();
-		$captcha->execute($row['code']);
+		$captcha->execute($row['code'], $row['seed']);
 		exit;
 	}
 }

phpBB/includes/ucp/ucp_register.php

@@ -441,12 +441,14 @@ class ucp_register
 
 				$code = gen_rand_string(mt_rand(5, 8));
 				$confirm_id = md5(unique_id($user->ip));
+				$seed = hexdec(substr(unique_id(), 4, 10));
 
 				$sql = 'INSERT INTO ' . CONFIRM_TABLE . ' ' . $db->sql_build_array('INSERT', array(
 					'confirm_id'	=> (string) $confirm_id,
 					'session_id'	=> (string) $user->session_id,
 					'confirm_type'	=> (int) CONFIRM_REG,
-					'code'			=> (string) $code)
+					'code'			=> (string) $code,
+					'seed'			=> (int) $seed)
 				);
 				$db->sql_query($sql);
 			}