From 1437913f3943b238e0f44b89b0308c5d5b23e2be Mon Sep 17 00:00:00 2001 From: Regis Houssin Date: Tue, 19 May 2009 21:51:08 +0000 Subject: [PATCH] Fix: remplace rand par mt_rand plus performant --- htdocs/includes/fpdf/fpdfi/fpdi_protection.php | 2 +- htdocs/lib/security.lib.php | 2 +- htdocs/main.inc.php | 2 +- htdocs/public/paybox/newpayment.php | 2 +- htdocs/user.class.php | 4 ++-- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/htdocs/includes/fpdf/fpdfi/fpdi_protection.php b/htdocs/includes/fpdf/fpdfi/fpdi_protection.php index c45c74b1785..34475a6482b 100644 --- a/htdocs/includes/fpdf/fpdfi/fpdi_protection.php +++ b/htdocs/includes/fpdf/fpdfi/fpdi_protection.php @@ -62,7 +62,7 @@ class FPDI_Protection extends FPDI { $protection += $options[$permission]; } if ($owner_pass === null) - $owner_pass = uniqid(rand()); + $owner_pass = uniqid(mt_rand()); $this->encrypted = true; $this->_generateencryptionkey($user_pass, $owner_pass, $protection); } diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php index fc3c8ea947a..4d1531487a1 100644 --- a/htdocs/lib/security.lib.php +++ b/htdocs/lib/security.lib.php @@ -277,7 +277,7 @@ function makesalt($type=CRYPT_SALT_LENGTH) $saltlen=2; $saltprefix=''; $saltsuffix=''; break; } $salt=''; - while(strlen($salt) < $saltlen) $salt.=chr(rand(64,126)); + while(strlen($salt) < $saltlen) $salt.=chr(mt_rand(64,126)); $result=$saltprefix.$salt.$saltsuffix; dol_syslog("security.lib.php::makesalt return=".$result); diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php index 4a6246e6574..2d8748d0b62 100644 --- a/htdocs/main.inc.php +++ b/htdocs/main.inc.php 
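Review bot: `chr(mt_rand(64,126))` in makesalt() still draws the salt from a non-cryptographic generator, so this change affects speed only; mt_rand() is a Mersenne Twister whose output is predictable once its state is known. The same applies, with more at stake, to the anti-CSRF token `md5(uniqid(mt_rand(),TRUE))` in main.inc.php and public/paybox/newpayment.php, to both creer_pass_aleatoire_* functions in user.class.php, and to the owner-password default in what looks like a bundled copy of fpdi_protection.php, since uniqid() only adds the current time. Where the runtime allows it, these values should come from the OS CSPRNG, e.g. `$token = bin2hex(random_bytes(16));` on PHP 7+ or `openssl_random_pseudo_bytes()` on PHP 5.3+. Separately, the range 64–126 includes characters outside the `./0-9A-Za-z` alphabet that crypt() salts are defined over, which is worth checking against the salt types handled above the hunk. makesalt() begins and ends outside the hunk.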
@@ -168,7 +168,7 @@ session_start(); dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".(isset($_SESSION["dol_login"])?$_SESSION["dol_login"]:'').", ".ini_get("session.gc_maxlifetime")); // Creation d'un jeton contre les failles CSRF -$token = md5(uniqid(rand(),TRUE)); // Genere un hash d'un nombre aleatoire +$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire // roulement des jetons car cree a chaque appel if (isset($_SESSION['token_level_1'])) $_SESSION['token_level_2'] = $_SESSION['token_level_1']; if (isset($_SESSION['newtoken'])) $_SESSION['token_level_1'] = $_SESSION['newtoken']; diff --git a/htdocs/public/paybox/newpayment.php b/htdocs/public/paybox/newpayment.php index 102213bf6d7..f5bd30c8ddd 100644 --- a/htdocs/public/paybox/newpayment.php +++ b/htdocs/public/paybox/newpayment.php @@ -30,7 +30,7 @@ $sessionname="DOLSESSID_PAYBOX"; session_name($sessionname); session_start(); -$token = md5(uniqid(rand(),TRUE)); // Genere un hash d'un nombre aleatoire +$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire // roulement des jetons car cree a chaque appel if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken']; $_SESSION['newtoken'] = $token; diff --git a/htdocs/user.class.php b/htdocs/user.class.php index 375ac970b0b..47d7e1f1d66 100644 --- a/htdocs/user.class.php +++ b/htdocs/user.class.php @@ -1784,7 +1784,7 @@ function creer_pass_aleatoire_1($sel = "") { $longueur = 8; - return strtolower(substr(md5(uniqid(rand())),0,$longueur)); + return strtolower(substr(md5(uniqid(mt_rand())),0,$longueur)); } @@ -1806,7 +1806,7 @@ function creer_pass_aleatoire_2($sel = "") { if (!$s) { - if (!$s) $s = rand(); + if (!$s) $s = mt_rand(); $s = substr(md5(uniqid($s).$sel), 0, 16); } $r = unpack("Cr", pack("H2", $s.$s));
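Review bot: `substr(md5(uniqid(mt_rand())),0,$longueur)` with `$longueur = 8` in creer_pass_aleatoire_1() limits the generated password to eight hexadecimal characters, at most 16^8 (about 4.3 billion) values whatever generator feeds md5(). `strtolower()` is a no-op here because md5() already returns lowercase hex, and `$sel` is not used in the visible lines. If this function issues real account passwords, a longer value taken directly from a CSPRNG would be the fix, e.g. `return bin2hex(random_bytes(8));` on PHP 7+, which yields 16 hex characters. The function's docblock and any callers lie outside the hunk.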
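Review bot: The inner `if (!$s)` on the changed line in creer_pass_aleatoire_2() repeats the test of the enclosing `if (!$s) {` and can be dropped, leaving `$s = mt_rand();`. mt_rand() can return 0, but the next line overwrites `$s` with `substr(md5(uniqid($s).$sel), 0, 16)`, so `$s` does not stay empty. Where `$s` is declared is not visible in this hunk, so whether it is a static or global seed that persists between calls should be confirmed before simplifying further.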