From 62ebce3d9c3b2c9a9b613dcd86b2c775d857a5b7 Mon Sep 17 00:00:00 2001
From: thisgun <thisgun@naver.com>
Date: Wed, 25 May 2022 15:10:46 +0900
Subject: [PATCH] =?UTF-8?q?=EC=9D=B4=EC=A0=84=20=EB=B3=B4=EC=95=88?=
 =?UTF-8?q?=ED=8C=A8=EC=B9=98=EC=A4=91=20random=5Fbytes=20=ED=95=A8?=
 =?UTF-8?q?=EC=88=98=EB=A5=BC=20=EC=9E=98=EB=AA=BB=20=EC=A0=81=EC=9A=A9?=
 =?UTF-8?q?=ED=95=A0=20=EA=B2=83=EC=9D=84=20=EB=8B=A4=EC=8B=9C=20=EC=88=98?=
 =?UTF-8?q?=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 install/install_db.php |  2 +-
 lib/common.lib.php     | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/install/install_db.php b/install/install_db.php
index f51a5d688..53e5b1d0b 100644
--- a/install/install_db.php
+++ b/install/install_db.php
@@ -569,7 +569,7 @@ fwrite($f, "define('G5_MYSQL_PASSWORD', '".addcslashes($mysql_pass, "\\'")."');\
 fwrite($f, "define('G5_MYSQL_DB', '".addcslashes($mysql_db, "\\'")."');\n");
 fwrite($f, "define('G5_MYSQL_SET_MODE', {$mysql_set_mode});\n\n");
 fwrite($f, "define('G5_TABLE_PREFIX', '{$table_prefix}');\n\n");
-fwrite($f, "define('G5_TOKEN_ENCRYPTION_KEY', '".bin2hex(random_bytes(16))."'); // 토큰 암호화에 사용할 키\n\n");
+fwrite($f, "define('G5_TOKEN_ENCRYPTION_KEY', '".get_random_token_string(16)."'); // 토큰 암호화에 사용할 키\n\n");
 fwrite($f, "\$g5['write_prefix'] = G5_TABLE_PREFIX.'write_'; // 게시판 테이블명 접두사\n\n");
 fwrite($f, "\$g5['auth_table'] = G5_TABLE_PREFIX.'auth'; // 관리권한 설정 테이블\n");
 fwrite($f, "\$g5['config_table'] = G5_TABLE_PREFIX.'config'; // 기본환경 설정 테이블\n");
diff --git a/lib/common.lib.php b/lib/common.lib.php
index 968db5358..77a6bd650 100644
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@@ -3941,6 +3941,21 @@ function get_token_encryption_key($str=''){
     return md5($token);
 }
 
+function get_random_token_string($length=6)
+{
+    if(function_exists('random_bytes')){
+        return bin2hex(random_bytes($length));
+    }
+
+    $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+    $characters_length = strlen($characters);
+    $output = '';
+    for ($i = 0; $i < $length; $i++)
+        $output .= $characters[rand(0, $characters_length - 1)];
+
+    return bin2hex($output);
+}
+
 function filter_input_include_path($path){
     return str_replace('//', '/', $path);
 }