Merge pull request #18 from fkooman/random_compatHEAD2.4.0origin/masterorigin/HEADmaster

use paragonie/random_compat

1 files changed, 4 insertions, 28 deletions

diff --git a/src/GoogleAuthenticator.php b/src/GoogleAuthenticator.php
index 0925510..48b0a6f 100644
--- a/src/GoogleAuthenticator.php
+++ b/src/GoogleAuthenticator.php
@@ -2,6 +2,8 @@
 
 namespace Otp;
 
+use ParagonIE\ConstantTime\Encoding;
+
 /**
  * Google Authenticator
  *
@@ -161,7 +163,7 @@ class GoogleAuthenticator
         $string = '';
 
         for ($i = 0; $i < $length; $i++) {
-            $string .= $keys[self::getRand()];
+            $string .= $keys[random_int(0, 31)];
         }
 
         return $string;
@@ -187,7 +189,7 @@ class GoogleAuthenticator
             // Generate codes
             $code = '';
             for ($i = 1; $i <= $length; $i++) {
-                $code .= self::getRand(9);
+                $code .= random_int(0, 9);
             }
 
             // To make sure no duplicates get in
@@ -198,30 +200,4 @@ class GoogleAuthenticator
 
         return $codes;
     }
-
-    /**
-     * Get random number
-     *
-     * @return integer Random number between 0 and 31 (including)
-     */
-    private static function getRand($max = 31)
-    {
-        if (function_exists('random_int')) {
-            // Uses either the PHP7 internal function or the polyfill if present
-            return random_int(0, $max);
-        } elseif (function_exists('openssl_random_pseudo_bytes')) {
-            // For those not wanting either PHP7 or the polyfill, this works well enough
-            $bytes = openssl_random_pseudo_bytes(2);
-            $number = hexdec(bin2hex($bytes));
-
-            if ($number > $max) {
-                $number = $number % ($max + 1);
-            }
-
-            return $number;
-        } else {
-            // And last case, this does the trick too
-            return mt_rand(0, $max);
-        }
-    }
 }