From bad5036569b3c572f60dae034c42a8129adc29e5 Mon Sep 17 00:00:00 2001
From: Malf Furious <m@lfurio.us>
Date: Sat, 30 Jan 2016 18:22:13 -0500
Subject: Handle object timestamps automatically in Object::saveObj()

The saveObj() function now initializes and update the timeCreated and timeUpdated fields of objects on its own.
A new function, getCurrentTimestamp() (from class Object) is introduced to aid simpler fetching of the date and time
---
 app/class/object.class.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'app/class/object.class.php')

diff --git a/app/class/object.class.php b/app/class/object.class.php
index bcd8dfa..93b52f0 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -77,6 +77,8 @@ abstract class Object extends Framework
     {
         if (isset($this->guid))
         {
+            $this->timeUpdated = $this->getCurrentTimestamp();
+
             /* Update Base */
             $updateStr = "";
 
@@ -117,6 +119,8 @@ abstract class Object extends Framework
         else
         {
             $this->guid = $this->getNewGUID();
+            $this->timeCreated = $this->getCurrentTimestamp();
+            $this->timeUpdated = $this->timeCreated;
 
             /* Insert Base */
             $colsStr = "";
@@ -179,6 +183,16 @@ abstract class Object extends Framework
         $this->db->query($query);
     }
 
+    /*
+     * Get current timestamp for object database purposes
+     */
+    function getCurrentTimestamp()
+    {
+        $query = "SELECT now() AS stamp";
+        $result = $this->db->query($query);
+        return $result[0]['stamp'];
+    }
+
     /*
      * Check whether given GUID exists
      */
-- 
cgit v1.2.3


From b6bb1893ad7b4a901a28b0fa2e725141a7b39509 Mon Sep 17 00:00:00 2001
From: Malf Furious <m@lfurio.us>
Date: Sat, 30 Jan 2016 20:48:14 -0500
Subject: Update app source of entropy for creating random blobs

Removed use of PHP's rand() functon in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy.
Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
---
 app/class/object.class.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'app/class/object.class.php')

diff --git a/app/class/object.class.php b/app/class/object.class.php
index 93b52f0..96cc810 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -214,13 +214,20 @@ abstract class Object extends Framework
     {
         do
         {
-            $sha = hash("sha256", rand());
-            $guid = substr($sha, 0, 8);
+            $guid = substr($this->getBlob(), 0, 8);
         }
         while ($this->isGUID($guid));
 
         return $guid;
     }
+
+    /*
+     * Get a random sha256 blob
+     */
+    function getBlob()
+    {
+        return hash("sha256", openssl_random_pseudo_bytes(64));
+    }
 }
 
 /*
-- 
cgit v1.2.3