diff --git a/ChangeLog b/ChangeLog index 85bd8b9b..c1e813fe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15919,3 +15919,6 @@ 2017-08-01 Fred Gleason * Fixed a bug in 'rdlogmanager/edit_grid.cpp' to broke functioning of the 'Clear Hour' item in the right-click menu. +2017-08-02 Fred Gleason + * Refactored the algorithm for calculating web tickets in + 'web/rdxport/rdxport.cpp'. diff --git a/web/rdxport/rdxport.cpp b/web/rdxport/rdxport.cpp index 3f0dc4b2..af1ba3f8 100644 --- a/web/rdxport/rdxport.cpp +++ b/web/rdxport/rdxport.cpp @@ -18,6 +18,7 @@ // Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. // +#include #include #include #include @@ -355,23 +356,32 @@ void Xport::TryCreateTicket(const QString &name) QString ticket; QString passwd; int command; - unsigned char rawstr[1024]; + char rawstr[1024]; unsigned char sha1[SHA_DIGEST_LENGTH]; QString sql; RDSqlQuery *q; if(xport_post->getValue("COMMAND",&command)) { if(command==RDXPORT_COMMAND_CREATETICKET) { - QDateTime now=QDateTime::currentDateTime(); - snprintf((char *)rawstr,1024,"%s %s %s", - (const char *)now.toString("yyyy-MM-dd hh:mm:ss.zzz"), - (const char *)name, - (const char *)xport_post->clientAddress().toString()); - SHA1(rawstr,strlen((char *)rawstr),sha1); + struct timeval tv; + memset(&tv,0,sizeof(tv)); + gettimeofday(&tv,NULL); + srandom(tv.tv_usec); + for(int i=0;i<5;i++) { + long r=random(); + unsigned ipv4_addr=xport_post->clientAddress().toIPv4Address(); + snprintf(rawstr+i*8,8,"%c%c%c%c%c%c%c%c", + 0xff&((int)r>>24),0xff&(ipv4_addr>>24), + 0xff&((int)r>>16),0xff&(ipv4_addr>>16), + 0xff&((int)r>>8),0xff&(ipv4_addr>>8), + 0xff&(int)r,0xff&ipv4_addr); + } + SHA1((const unsigned char *)rawstr,40,sha1); ticket=""; for(int i=0;i