Author Topic: [FIXED] OpenID (Create First User) CryptUtil.php  (Read 2588 times)

chriscuk18

  • Guest
[FIXED] OpenID (Create First User) CryptUtil.php
« on: July 16, 2009, 03:48:26 am »
Hi All

I'm sure a lot of you have been experiencing problems when installing CiviCRM when it comes to creating your first user account and being presented with an OpenID prompt (I don't really think the world is ready for this kind of auth yet). However, you may have found that your CryptUtil.php just won't authorize your account and you keep getting the following error...

Fatal error.  Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in <domain>\civicrm\packages\Auth\OpenID\CryptUtil.php on line 52...

I asked one of my good friends, Edward Millen, who is a PHP genius, to look at the error, and Bob's your uncle: he had a look, spent 20 minutes and voilà, a brand new CryptUtil.php working fine with OpenID. It is secure and not an unsecured workaround.

If you would like to e-mail him: eddy 'at' edwardmillen .co.uk or edward 'at' edwardmillen .co.uk

I would like to just post this fix and give him some credit for fixing this. I'm sure he will explain the error in more detail if asked.

In the meantime, here's the code, which works flawlessly now :D

THANKS EDDY!!!!!!!!!

<?php

/**
 * CryptUtil: A suite of wrapper utility functions for the OpenID
 * library.
 *
 * PHP versions 4 and 5
 *
 * LICENSE: See the COPYING file included in this distribution.
 *
 * @access private
 * @package OpenID
 * @author JanRain, Inc. <openid@janrain.com>
 * @copyright 2005-2008 Janrain, Inc.
 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
 */

if (!defined('Auth_OpenID_RAND_SOURCE')) {
    /**
     * The filename for a source of random bytes. Define this yourself
     * if you have a different source of randomness.
     */
    define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
}

class Auth_OpenID_CryptUtil {
    /**
     * Get the specified number of random bytes.
     *
     * Attempts to use a cryptographically secure (not predictable)
     * source of randomness if available. If there is no high-entropy
     * randomness source available, it will fail. As a last resort,
     * for non-critical systems, define
     * <code>Auth_OpenID_RAND_SOURCE</code> as <code>null</code>, and
     * the code will fall back on a pseudo-random number generator.
     *
     * @param int $num_bytes The length of the return value
     * @return string $bytes random bytes
     */
    function getBytes($num_bytes)
    {
        static $f = null;
        $bytes = '';
        if ($f === null) {
            if (Auth_OpenID_RAND_SOURCE === null) {
                $f = false;
            } else {
                $f = @fopen(Auth_OpenID_RAND_SOURCE, "r");
                if ($f === false) {
                    $msg = 'Define Auth_OpenID_RAND_SOURCE as null to ' .
                        ' continue with an insecure random number generator.';
                    trigger_error($msg, E_USER_ERROR);
                }
            }
        }
        if ($f === false) {
            // No usable random source: insecure fallback to mt_rand(),
            // which is not a cryptographically secure generator.
            $bytes = '';
            for ($i = 0; $i < $num_bytes; $i += 4) {
                $bytes .= pack('L', mt_rand());
            }
            $bytes = substr($bytes, 0, $num_bytes);
        } else {
            $bytes = fread($f, $num_bytes);
        }
        return $bytes;
    }

    /**
     * Produce a string of $length random characters, chosen from
     * $population.  If $population is null, the resulting string may
     * contain any byte values.
     *
     * @param integer $length The length of the resulting
     * randomly-generated string
     * @param string $population A string of characters from which to
     * choose to build the new string
     * @return string $result A string of randomly-chosen characters
     * from $population
     */
    function randomString($length, $population = null)
    {
        if ($population === null) {
            return Auth_OpenID_CryptUtil::getBytes($length);
        }

        $popsize = strlen($population);

        if ($popsize > 256) {
            $msg = 'More than 256 characters supplied to ' . __FUNCTION__;
            trigger_error($msg, E_USER_ERROR);
        }

        $duplicate = 256 % $popsize;

        $str = "";
        for ($i = 0; $i < $length; $i++) {
            do {
                $n = ord(Auth_OpenID_CryptUtil::getBytes(1));
            } while ($n < $duplicate);

            $n %= $popsize;
            $str .= $population[$n];
        }

        return $str;
    }
}

?>
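
Added example, not part of the original post or of the Janrain library: a byte source that fails closed instead of dropping to mt_rand() when the random device cannot be opened, plus the same rejection rule that randomString() uses to avoid modulo bias. The names secure_bytes() and secure_random_string() are hypothetical, and random_bytes() is assumed to be available only on PHP 7 or later.

```php
<?php
// Added example; secure_bytes() and secure_random_string() are hypothetical names.

/** Return exactly $num_bytes from a secure source or throw; no mt_rand() fallback. */
function secure_bytes($num_bytes, $source = '/dev/urandom')
{
    if (function_exists('random_bytes')) {   // PHP 7+: OS CSPRNG, including on Windows
        return random_bytes($num_bytes);
    }
    $f = @fopen($source, 'rb');              // fails where the device does not exist
    if ($f === false) {
        throw new RuntimeException("cannot open random source $source");
    }
    $bytes = '';
    while (strlen($bytes) < $num_bytes) {    // fread() may return fewer bytes than asked
        $chunk = fread($f, $num_bytes - strlen($bytes));
        if ($chunk === false || $chunk === '') {
            fclose($f);
            throw new RuntimeException("short read from $source");
        }
        $bytes .= $chunk;
    }
    fclose($f);
    return $bytes;
}

/**
 * Pick $length characters from $population without modulo bias, using the same
 * rule as randomString(): discard any byte below 256 % strlen($population).
 */
function secure_random_string($length, $population)
{
    $popsize = strlen($population);
    if ($popsize < 1 || $popsize > 256) {
        throw new InvalidArgumentException('population must hold 1 to 256 characters');
    }
    $skip = 256 % $popsize;
    $str = '';
    while (strlen($str) < $length) {
        $n = ord(secure_bytes(1));
        if ($n >= $skip) {
            $str .= $population[$n % $popsize];
        }
    }
    return $str;
}

echo bin2hex(secure_bytes(16)), "\n";
echo secure_random_string(12, 'abcdefghijklmnopqrstuvwxyz0123456789'), "\n";
```

With a 36-character population the rule discards byte values 0 to 3, leaving 252 values, exactly seven per character.
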

squidgy

  • Guest
Re: [FIXED] OpenID (Create First User) CryptUtil.php
« Reply #1 on: August 19, 2009, 02:46:33 am »
I can't get this to work  :( I now have a problem with "Fatal error: Class 'Auth_OpenID' not found in /home/yadda/public_html/crm/civicrm/packages/Auth/OpenID/Message.php on line 82". Is there any fix that works? I'm not that experienced in PHP, having used ASP mainly, and this is hard. Is it worth going on with?