authorAndrew Dolgov <[email protected]>2019-03-05 20:16:50 +0300
committerAndrew Dolgov <[email protected]>2019-03-05 20:16:50 +0300
commit16a9bdc38708c0e3b81eae3a79216214d493b57e (patch)
tree779067f1e4fec80fa687bf0cf107937bfc0ac5e3
parentef6d2b8a4efe2a0114e6c7c02d6522b358646c8c (diff)
make_password: generate longer passwords by default, use better random function if available
-rw-r--r--classes/pref/users.php4
-rwxr-xr-xinclude/functions.php2
-rwxr-xr-xinstall/index.php15
3 files changed, 14 insertions, 7 deletions
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 8fd09ac4d..7b75bb872 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -231,7 +231,7 @@ class Pref_Users extends Handler_Protected {
function add() {
$login = trim(clean($_REQUEST["login"]));
- $tmp_user_pwd = make_password(8);
+ $tmp_user_pwd = make_password();
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
@@ -283,7 +283,7 @@ class Pref_Users extends Handler_Protected {
$login = $row["login"];
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
- $tmp_user_pwd = make_password(8);
+ $tmp_user_pwd = make_password();
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
diff --git a/include/functions.php b/include/functions.php
index 8c0654f3c..acc53c84c 100755
--- a/include/functions.php
+++ b/include/functions.php
@@ -737,7 +737,7 @@
}
}
- function make_password($length = 8) {
+ function make_password($length = 12) {
$password = "";
$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ";
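Review bot: Only the default length changes in this copy of `make_password()`, which is presumably the one `Pref_Users` calls for temporary user passwords. The diffstat lists 2 changed lines for include/functions.php, so the body that continues outside this hunk is untouched by the commit. It is not visible here whether that body already picks indices with `random_int()`; if it still relies on `mt_rand()`, the selection logic added to install/index.php should be mirrored here. The alphabet on this side also lacks the `*%+^` characters of the installer copy, so a comment such as `// keep in sync with make_password() in install/index.php` would document whether that difference is intended.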
diff --git a/install/index.php b/install/index.php
index accabe3d3..815422712 100755
--- a/install/index.php
+++ b/install/index.php
@@ -55,21 +55,28 @@
//
}
- function make_password($length = 8) {
-
+ function make_password($length = 12) {
$password = "";
$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
- $i = 0;
+ $i = 0;
while ($i < $length) {
- $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
+
+ try {
+ $idx = function_exists("random_int") ? random_int(0, strlen($possible) - 1) : mt_rand(0, strlen($possible) - 1);
+ } catch (Exception $e) {
+ $idx = mt_rand(0, strlen($possible) - 1);
+ }
+
+ $char = substr($possible, $idx, 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
+
return $password;
}
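Review bot: The `catch (Exception $e)` branch and the `function_exists("random_int")` ternary both fall back to `mt_rand()` without any signal, so an installer-generated password can still come from a non-cryptographic generator while looking identical to one drawn from `random_int()`. Consider failing closed by letting the exception propagate, or at least surfacing the downgrade to the operator, instead of `$idx = mt_rand(0, strlen($possible) - 1);` in the catch. Separately, the unchanged `if (!strstr($password, $char))` filter forbids repeated characters, which shrinks the keyspace somewhat and leaves the loop non-terminating if `$length` ever exceeds `strlen($possible)`. Because `strstr()` returns the falsy string `"0"` when the password ends in `0`, the filter is also not a reliable membership test; `strpos($password, $char) === false` with a guard like `$length = min($length, strlen($possible));`, or dropping the filter, would address both.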