Fix rand# gen

add_key.php

@@ -52,8 +52,8 @@ if ($ci['perm_id'] != 1 && $ci['perm_id'] != 2) {
 	exit;
 }
 
-$tokenId = genRandB64(6);
-$secret = genRandB64(16);
+$tokenId = base64_encode(genRandRaw(6));
+$secret = base64_encode(genRandRaw(16));
 $keyid = addNewKey($tokenId, 1, $secret, '', $client);
 
 if ($keyid > 0) {
@@ -80,7 +80,7 @@ function reply($status, $apiKey, $client_id, $nonce, $info=null) {
 
 	// Generate the signature
 	debug('API key: '.$apiKey); // API key of the client
-	debug('Signing: '.$respParams);
+	debug('Signing response: '.$respParams);
 	// the TRUE at the end states we want the raw value, not hexadecimal form
 	$hmac = hash_hmac('sha1', utf8_encode($respParams), $apiKey, true);
 	//outputToFile('hmac', $hmac, "b");

common.php

@@ -1,5 +1,4 @@
 <?php
-
 define('S_OK', 'OK');
 define('S_BAD_OTP', 'BAD_OTP');
 define('S_BAD_CLIENT', 'BAD_CLIENT'); // New, added by paul 20080920
@@ -25,10 +24,15 @@ function debug($msg, $exit=false) {
 	}
 }
 
-function genRandB64($len) {
-	$r = hash('sha1', rand(999,99999999));
-	$r = substr(0,$len);
-	return base64_encode($r);
+function genRandRaw($len) {
+	$h = hash_hmac('sha1', rand(9999,9999999), 'dj*ccbcuiiurubrvnubcdluul', true);
+	$a = str_split($h);
+	//print_r($a);
+	$a = array_slice($a, 0, $len);
+	//print_r($a);
+	$s = implode($a);
+	//outputToFile('out', $s);
+	return $s;
 }
 
 function outputToFile($outFname, $content, $mode, $append = false) {