
I have a function in my class (derived from this function) to generate a secure code and then a test function to update the database and print the code out onto the page. The generator function works fine on a page where it is just functionally programmed and immediately called, but once I put it into my class in CodeIgniter, it doesn't work.

Here is my generator function:

private function createSecureCode()
{

    // Get 128 pseudorandom bits in a string of 16 bytes
    $pr_bits = '';

    $fp = @fopen('/dev/urandom','rb');
    if ($fp !== false) {
        $pr_bits .= @fread($fp,16);
        @fclose($fp);
    }

    return $pr_bits;

}

Here is my test function:

public function test()
{
    $query = $this->db->get("clients");
    $result = "";
    foreach ($query->result() as $results) {
        $code = $this->createSecureCode();
        $result .= $code." - ";
        $this->db->where("client_id", $results->client_id);
        $this->db->update("clients", array("client_secure_code" => $code, "client_active" => 1));
    }

    /*$query = $this->db->get("clients");
    $row = $query->first_row();
    print($row->client_secure_code." - ");*/
    print($result);
    return $result;
}
Phil Young
  • "but once I put it into my class in CodeIgniter, it doesn't work." - what actually happens (or doesn't happen)? Is "createSecureCode()" in the same class, because you have it set as private? – Laurence May 11 '12 at 15:09
  • Yes, they are both in the clients model. Sorry, when I call createSecureCode() into the $code variable, the $code variable is empty – Phil Young May 11 '12 at 15:12

1 Answer

The problem is the rerouting that Codeigniter will be doing with the index.php

So "$fp = @fopen('/dev/urandom','rb');" is failing - because it will be looking in the wrong directory:

/home/public_html/index.php/dev/urandom

But I guess your file is stored:

/home/dev/urandom

So you'll need to do something like this:

$fp = @fopen('../../dev/urandom','rb');

But you'll need to test and adjust for your server/setup as needed

Laurence
  • the actual filepath to my model is `/var/www/vhosts/username/httpdocs/library/application/model/client_model.php` so does that mean that `../../../../../../../../dev/urandom` should work? – Phil Young May 11 '12 at 15:25
  • no - not the file path to your model - the file path to your index.php - that is all Codeigniter ever touches. So find which directory your main "index.php" file is in (I'm guessing the httpdocs folder) - and make the path relative to that (probably ../dev/urandom) – Laurence May 11 '12 at 15:30
  • I've just found out there is a open_basedir restriction on the client's server which is blocking access, is there any other source for the bytes than /dev/urandom? – Phil Young May 11 '12 at 15:38
  • you could use openssl_random_pseudo_bytes () – Laurence May 12 '12 at 15:04
  • The server says it's not a defined function and I think that is because the server is running php v. 5.2.17 with no openssl extension. Any more ideas? – Phil Young May 14 '12 at 08:58
  • well - depends how 'cryptosecure' you need to be (but given you don't have open_basedir access) I guess your best option is: "md5(uniqid(mt_rand()))" This will be random enough for most things. – Laurence May 15 '12 at 04:41
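
As an added example (not code from the question or the answer): a generator that tries the random sources named in this thread in order, checks that it really received the requested number of bytes, and throws instead of returning an empty string, which is what the `@`-suppressed version in the question does when `fopen()` fails. The function name `secureRandomBytes()`, the use of `random_bytes()` (PHP 7+, not mentioned in the thread) and the hex encoding are assumptions of this example.

```php
<?php
// Added example, not the poster's code. secureRandomBytes() is a
// hypothetical helper name chosen for this illustration.

/**
 * Return $length bytes from the first available CSPRNG source, or throw.
 */
function secureRandomBytes($length = 16)
{
    // PHP 7+: built-in CSPRNG; throws by itself if no source is usable.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // PHP 5.3+ with the openssl extension loaded.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // Direct read of the kernel CSPRNG. The warning is suppressed, but the
    // result is checked: under an open_basedir restriction fopen() returns false.
    $fp = @fopen('/dev/urandom', 'rb');
    if ($fp !== false) {
        $bytes = fread($fp, $length);
        fclose($fp);
        if ($bytes !== false && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // Fail closed: an empty or predictable code must never reach the database.
    throw new RuntimeException('No cryptographically secure random source available');
}

function createSecureCode()
{
    // Hex-encode so the value is printable and fits a VARCHAR column (32 chars).
    return bin2hex(secureRandomBytes(16));
}

echo createSecureCode(), "\n";
```

On the server described in the comments (PHP 5.2.17, no openssl extension, open_basedir blocking `/dev/urandom`) this throws, so the caller sees the failure instead of writing an empty `client_secure_code` for every client.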