From 16a9bdc38708c0e3b81eae3a79216214d493b57e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 5 Mar 2019 20:16:50 +0300
Subject: make_password: generate longer passwords by default, use better
 random function if available

---
 install/index.php | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'install')

diff --git a/install/index.php b/install/index.php
index accabe3d3..815422712 100755
--- a/install/index.php
+++ b/install/index.php
@@ -55,21 +55,28 @@
 		//
 	}
 
-	function make_password($length = 8) {
-
+	function make_password($length = 12) {
 		$password = "";
 		$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
 
-	$i = 0;
+		$i = 0;
 
 		while ($i < $length) {
-			$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
+
+			try {
+				$idx = function_exists("random_int") ? random_int(0, strlen($possible) - 1) : mt_rand(0, strlen($possible) - 1);
+			} catch (Exception $e) {
+				$idx = mt_rand(0, strlen($possible) - 1);
+			}
+
+			$char = substr($possible, $idx, 1);
 
 			if (!strstr($password, $char)) {
 				$password .= $char;
 				$i++;
 			}
 		}
+
 		return $password;
 	}
 
-- 
cgit v1.2.3