CodeIgniter Forums
Fixing Captcha helper [php<7] - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: Fixing Captcha helper [php<7] (/showthread.php?tid=63814)

Fixing Captcha helper [php<7] - DiegoMGar - 12-11-2015

Hi, i was today trying to use tank_auth with the actual version of CI and i got a big problem, when CI is trying to show a captcha, calling create_captcha from the helper, the server dies for time exceed.

So, reading and reading the code, i find the issue, at line 132 of captcha helper randomize the pool only if random_int exists, working only in php7. For people like me, using 5, must add an else statement.

Let's see, change:
Code:
// PHP7 or a suitable polyfill
if (function_exists('random_int'))
            {
                try
                {
                    for ($i = 0; $i < $word_length; $i++)
                    {
                        $word .= $pool[random_int(0, $rand_max)];
                    }
                }
                catch (Exception $e)
                {
                    // This means fallback to the next possible
                    // alternative to random_int()
                    $word = '';
                }
            }
for:
Code:
// PHP7 or a suitable polyfill
if (function_exists('random_int'))
            {
                try
                {
                    for ($i = 0; $i < $word_length; $i++)
                    {
                        $word .= $pool[random_int(0, $rand_max)];
                    }
                }
                catch (Exception $e)
                {
                    // This means fallback to the next possible
                    // alternative to random_int()
                    $word = '';
                }
            }else{ //PHP5
                for ($i = 0; $i < $word_length; $i++)
                {
                    $word .= $pool[rand(0, strlen($pool) - 1)];
                }
            }

I hope i'm writting the thread at the correct sub-forum. Otherwhise, please tell me or move, i thing this is a big bug.

RE: Fixing Captcha helper [php<7] - Narf - 12-11-2015

No, you MUST NOT add that else.

https://github.com/bcit-ci/CodeIgniter/commit/2fe1a2389aa13c3acde7fb42ab35e79504e89f75

RE: Fixing Captcha helper [php<7] - DiegoMGar - 12-12-2015

Ok! Thank you! Can you explain why the else is not good there? Is rand not secure?

RE: Fixing Captcha helper [php<7] - Narf - 12-12-2015

Exactly - rand() is not secure; it's not actually random.
That's the reason why 3.0.3 changed the captcha helper in the first place.