From d48ae4c40ca051cd5e6046c9334dcf5b09945dad Mon Sep 17 00:00:00 2001
From: fuzzykitten
Date: Fri, 11 Apr 2025 12:42:35 -0400
Subject: [PATCH] changed make_token, so that characterset can be determined

---
 opt/admin.php | 8 ++++----
 opt/base.php | 21 ++++++++++++++-------
 opt/bot.php | 12 +-----------
 opt/post.php | 18 ++++--------------
 opt/show.php | 4 ++--
 5 files changed, 25 insertions(+), 38 deletions(-)

diff --git a/opt/admin.php b/opt/admin.php
index 32a3e45..c30312a 100644
--- a/opt/admin.php
+++ b/opt/admin.php
@@ -109,7 +109,7 @@ function check_admin($db, $settings)
 }
 if ( ($key == '') && (!file_exists($filename)) ) {
- $token = make_token(250);
+ $token = make_token(250, 'alnum');
 $token_hash = password_hash($token, PASSWORD_DEFAULT);
 if ($counter == 0) {
@@ -264,7 +264,7 @@ function check_auth_admin($db, $settings)
 }
- $token = make_token(250);
+ $token = make_token(250, 'alnum');
 $token_hash = password_hash($token, PASSWORD_DEFAULT);
 $statement = $db->prepare("UPDATE keys
@@ -371,7 +371,7 @@ function check_auth_mod($db, $settings)
 }
- $token = make_token(250);
+ $token = make_token(250, 'alnum');
 $token_hash = password_hash($token, PASSWORD_DEFAULT);
 $statement = $db->prepare("UPDATE keys
@@ -621,7 +621,7 @@ function dump_full($db, $settings)
 array_push($json_dump, $post);
 }
- $diff = make_token(20);
+ $diff = make_token(20, 'alnum');
 $filename = $settings['work_dir'] . 'full_dump_' . $diff . '.json';
 file_put_contents($filename, json_encode($json_dump,
diff --git a/opt/base.php b/opt/base.php
index eb56be7..6772c2d 100644
--- a/opt/base.php
+++ b/opt/base.php
@@ -492,18 +492,25 @@ function make_tables($db)
 // a limited time. A way of having sessions without cookies.
 // Also used as a hidden field in the post form to prevent double
 // posting by sending the same input twice.
-function make_token($length)
+function make_token($length, $mode)
 {
+ if ( $mode == 'alnum' ) {
+ $characters = '0123456789'
+ . 'abcdefghijklmnopqrstuvwxyz'
+ . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ } elseif ( $mode == 'alpha' ) {
+ $characters = 'abcdefghijklmnopqrstuvwxyz'
+ . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ } elseif ( $mode == 'num' ) {
+ $characters = '0123456789';
+ }
+
+ $counter = count($characters) - 1;
- $characters = '0123456789'
- . 'abcdefghijklmnopqrstuvwxyz'
- . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
 $random_string = '';
 for ($i = 0; $i < $length; $i++) {
- $index = random_int(0, 61);
- // we have 62 to choose, so 0 to 61
+ $index = random_int(0, $counter);
 $random_string .= $characters[$index];
 }
diff --git a/opt/bot.php b/opt/bot.php
index da2c4aa..55d30d4 100644
--- a/opt/bot.php
+++ b/opt/bot.php
@@ -248,17 +248,7 @@ function check_portal($db, $settings, $ip)
 log_event($db, $settings, "portal", $portal_message, $ip);
 return;
 } else {
- $characters = 'abcdefghijklmnopqrstuvwxyz'
- . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
- $random_string = '';
-
- for ($i = 0; $i < 20; $i++) {
- // token length is set to 20 characters
- $index = random_int(0, 51);
- // we have 52 to choose, so 0 to 51
- $random_string .= $characters[$index];
- }
+ $random_string = make_token(20, 'alpha');
 // $request = '/' . $random_string;
diff --git a/opt/post.php b/opt/post.php
index c023f1d..58e2885 100644
--- a/opt/post.php
+++ b/opt/post.php
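Review bot: `$counter = count($characters) - 1;` in the new make_token body applies count() to a string: on PHP 8 that throws a TypeError, and on PHP 7.x count() of a non-countable returns 1 (with a warning), so $counter becomes 0 and the loop emits the first character of the set $length times — every admin session token, edit/post form token and tripcode key produced through this function would then be a constant string with no randomness. The upper bound must come from the string length, `$counter = strlen($characters) - 1;`. A $mode other than 'alnum', 'alpha' or 'num' also leaves $characters undefined and reaches the same line; an `} else { throw new InvalidArgumentException('make_token: unknown mode ' . $mode); }` branch after the 'num' case would fail loudly instead of producing an empty or degenerate token. The function's return statement lies outside the hunk.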
@@ -52,18 +52,8 @@ function answer_redirect($sub, $css, $post_id, $settings)
 {
- $characters = 'abcdefghijklmnopqrstuvwxyz'
- . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
- $random_string = '';
-
- for ($i = 0; $i < 20; $i++) {
- // token length is set to 20 characters
- $index = random_int(0, 51);
- // we have 52 to choose, so 0 to 51
- $random_string .= $characters[$index];
- }
-
+ $random_string = make_token(10, 'alpha');
+
 if ( ( $settings['enable_tripcodes'] == TRUE ) && ( $_POST['combination'] == $_POST['combination_hidden'] ) && ( !empty($_POST['combination']) ) ) {
@@ -557,8 +547,8 @@ function make_post($db, $sub, $settings, $text, $org_id)
 function make_tripcode($settings)
 {
- $tripkey = make_token(25);
- $differ = make_token(6);
+ $tripkey = make_token(25, 'alnum');
+ $differ = make_token(6, 'alnum');
 $name = $settings['prefix_autogen'] . $differ;
 $combination = $name . '#' . $tripkey;
diff --git a/opt/show.php b/opt/show.php
index d6b1c29..00e517c 100644
--- a/opt/show.php
+++ b/opt/show.php
@@ -109,7 +109,7 @@ function show_edit_form($db, $sub, $post_id, $ip, $css, $settings)
 . "" . "";
- $token = make_token(250);
+ $token = make_token(250, 'alnum');
 $current = time();
 $hash = hash('sha512', $token);
@@ -183,7 +183,7 @@ function show_post_form($db, $msg, $sub, $settings, $org_id, $css, $quote, $ip)
 $html_string .= "";
 }
- $token = make_token(250);
+ $token = make_token(250, 'alnum');
 $current = time();
 if ($settings['use_captcha']) {
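Review bot: The replacement line `$random_string = make_token(10, 'alpha');` in answer_redirect halves the value from the 20 characters the removed loop produced to 10, which the commit message (a character-set change only) does not mention, and the parallel bot.php hunk keeps 20 — so this looks unintended, and `$random_string = make_token(20, 'alpha');` would preserve the previous behaviour. What answer_redirect does with $random_string is outside the hunk, so whether 10 letters is still adequate cannot be judged from here; if the shorter length is deliberate, a one-line comment on that line stating why would save the next reader the same question. The enclosing function continues past the hunk.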