From 65adb16191c3d1751922267f374b19ed78247a58 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Mon, 5 Jul 2021 17:55:17 +0200
Subject: [PATCH] Fix increase entrophy of default password generation.

---
 .../generate/modGeneratePassStandard.class.php        | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
index e091b5069e9..a358f916429 100644
--- a/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
+++ b/htdocs/core/modules/security/generate/modGeneratePassStandard.class.php
@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
 		$password = "";
 
 		// define possible characters
-		$possible = "0123456789bcdfghjkmnpqrstvwxyz";
+		$possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
 
 		// set up a counter
 		$i = 0;
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
 		// add random characters to $password until $length is reached
 		while ($i < $this->length) {
 			// pick a random character from the possible ones
-			$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			if (function_exists('random_int')) {	// Cryptographic random
+				$char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
+			} else {
+				$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			}
 
-			// we don't want this character if it's already in the password
-			if (!strstr($password, $char)) {
+			if (substr_count($password, $char) <= 6) {	// we don't want this character if it's already 5 times in the password
 				$password .= $char;
 				$i++;
 			}