From d84c44bfd1a49de78df6adcdb525b7a28e57f3a5 Mon Sep 17 00:00:00 2001
From: konrad <konrad@6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33>
Date: Sun, 24 Oct 2010 17:38:19 +0000
Subject: [PATCH] add some docu to random generator
 parallelize some parts of the login sequence

git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@610 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
 src/iface/msinterface.cpp  |   15 +++++++--------
 www/inc/classes/random.php |   16 ++++++++++++----
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/src/iface/msinterface.cpp b/src/iface/msinterface.cpp
index 344b166..d6625ff 100644
--- a/src/iface/msinterface.cpp
+++ b/src/iface/msinterface.cpp
@@ -71,8 +71,10 @@ bool MSInterface::login(QString username,QString passwd)
 	msecs-=120000;//do it 2 min before session runs out
 	if(msecs>100000)//but only if it does not become annoying...
 		QTimer::singleShot(msecs,this,SLOT(relogin()));
-	//get rights
-	MTGetMyRights mrt=MTGetMyRights::query();
+	//get rights and roles
+	MTGetMyRights mrt=MTGetMyRights::asyncQuery();
+	MTGetMyRoles mrl=MTGetMyRoles::asyncQuery();
+	WTransaction::WaitForAll()<<mrt<<mrl;
 	QStringList rsl=mrt.getright();
 	for(int i=0;i<rsl.size();i++){
 // 		qDebug("have right %s",rsl[i].toAscii().data());
@@ -80,8 +82,7 @@ bool MSInterface::login(QString username,QString passwd)
 		if(x!=NoRight)userrights<<x;
 	}
 	userflags=mrt.getflag();
-	//get roles
-	MTGetMyRoles mrl=MTGetMyRoles::query();
+// 	qDebug()<<"have flags"<<userflags;
 	userroles=mrl.getrole();
 // 	for(int i=0;i<userroles.size();i++)qDebug("have role %s",userroles[i].toAscii().data());
 	
@@ -173,7 +174,7 @@ void MSInterface::initialize()
 		QString lang=QSettings().value("lang","--").toString();
 		if(lang=="--"){
 			qDebug("MSInterface: no local language is set, so not retrieving any from server.");
-			goto script;
+			return;
 		}
 		MTGetLanguage gl=MTGetLanguage::query(lang,"qm");
 		if(gl.hasError()){
@@ -185,7 +186,7 @@ void MSInterface::initialize()
 			gl=MTGetLanguage::query("C","qm");
 			if(gl.hasError()){
 				qDebug("MSInterface: cannot retrieve language 'C', giving up on languages.");
-				goto script;
+				return;
 			}
 		}
 		servertranslation=gl.getfile().value();
@@ -195,8 +196,6 @@ void MSInterface::initialize()
 		qDebug("MSInterface: successfully loaded server language %s",lang.toAscii().data());
 		MLocalFormat::setDefaultFormat(gl.getformats().value());
 	}
-	//TODO: retrieve scripts
-	script: ;
 }
 
 void MSInterface::sslErrors(QNetworkReply *src,const QList<QSslError>&errs)
diff --git a/www/inc/classes/random.php b/www/inc/classes/random.php
index 32b9eac..7a10c15 100644
--- a/www/inc/classes/random.php
+++ b/www/inc/classes/random.php
@@ -15,10 +15,13 @@
 //try to use /dev/*random
 function randseedfile($fn,$sz)
 {
+	//open /dev/(u)random
 	$fd=fopen($fn,"r");
+	//don't block - we do not have much time
 	stream_set_blocking($fd,0);
+	//add entropy
 	global $RANDSEED;
-	$RANDSEED.=sha1(fread($fd,$sz));
+	$RANDSEED.=bin2hex(fread($fd,$sz));
 	fclose($fd);
 }
 
@@ -35,7 +38,7 @@ function randseedinit()
 	//attempt to use OpenSSL
 	if (function_exists('openssl_random_pseudo_bytes')) {
 		$RANDSEED .= openssl_random_pseudo_bytes(64, $strong);
-		// if it was strong, be happy and leave
+		// if it was strong, be happy and leave (it probably already used /dev/random)
 		if($strong === true) {
 			return;
 		}
@@ -50,7 +53,7 @@ function randseedinit()
 /**return $bits bits of random data as hex string*/
 function getRandom($bits)
 {
-	//number of digits...
+	//number of hex digits...
 	$bits/=4;
 	//init
 	global $RANDSEED,$RANDCTR;
@@ -86,14 +89,19 @@ define("RND_OTHER2",0x18);
 /**return a new Code-39 capable ID; length is the amount of characters*/
 function getCode39ID($length,$range=RND_ANYRANGE)
 {
+	//we use a subset of the Code-39 characters that is moderately un-ambiguous
 	$c39="123456789ABCDEFGHJKLMNPQRSTUVWXYZ";
+	//get plenty of random bits (2 hex chars for each Code-39 char)
 	$rnd=getRandom($length*8);
+	//construct the code
 	$ret="";
 	for($i=0;$i<$length;$i++){
 		//cut random
 		$r="0x".substr($rnd,$i*2,2);
 		$r=($r+0)&31;
-		//if this is the first char, further manipulate it
+		//if this is the first char, further manipulate it;
+		//this is relied upon by the ticket/voucher/item code to minimize
+		//search for existing keys
 		if($i==0 && $range!=RND_ANYRANGE){
 			$r=($r&RND_MASK)|$range;
 		}
-- 
1.7.2.5