diff --git a/htdocs/core/lib/security2.lib.php b/htdocs/core/lib/security2.lib.php
index c526d57bee0..e953a8018cb 100644
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@@ -454,18 +454,21 @@ function getRandomPassword($generic=false)
 $uppercase = "ASDFGHJKLZXCVBNMQWERTYUIOP";
 $numbers = "1234567890";
 $randomCode = "";
+ $nbofchar = round($length/3);
+ $nbofcharlast = ($length - 2*$nbofchar);
+ var_dump($nbofchar.'-'.$nbofcharlast);
 if (function_exists('random_int')) // Cryptographic random
 {
 $max = strlen($lowercase) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofchar; $x++) {
 $randomCode .= $lowercase{random_int(0, $max)};
 }
 $max = strlen($uppercase) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofchar; $x++) {
 $randomCode .= $uppercase{random_int(0, $max)};
 }
 $max = strlen($numbers) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofcharlast; $x++) {
 $randomCode .= $numbers{random_int(0, $max)};
 }
@@ -474,15 +477,15 @@ function getRandomPassword($generic=false)
 else // Old platform, non cryptographic random
 {
 $max = strlen($lowercase) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofchar; $x++) {
 $randomCode .= $lowercase{mt_rand(0, $max)};
 }
 $max = strlen($uppercase) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofchar; $x++) {
 $randomCode .= $uppercase{mt_rand(0, $max)};
 }
 $max = strlen($numbers) - 1;
- for ($x = 0; $x < abs($length/3); $x++) {
+ for ($x = 0; $x < $nbofcharlast; $x++) {
 $randomCode .= $numbers{mt_rand(0, $max)};
 }
diff --git a/test/phpunit/SecurityTest.php b/test/phpunit/SecurityTest.php
index 288a15c317e..87a5fdeb905 100644
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
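Review bot: The added `var_dump($nbofchar.'-'.$nbofcharlast);` at the top of the first hunk in security2.lib.php is leftover debug output and should be deleted before this is merged. getRandomPassword() runs while a credential is being generated, so each call would print the character split into the response, which can corrupt page or API output and cause "headers already sent" failures when output buffering is off. Separately, `round($length/3)` returns a float, so `$nbofchar = (int) round($length/3);` would keep both counters integral. The function starts and ends outside the hunk, so where `$length` is assigned and validated is not visible here.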
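Review bot: The `else` branch in the second hunk of security2.lib.php still picks every character with `mt_rand()`, which is not a cryptographically secure generator, so passwords generated on platforms without `random_int` stay weaker than the first branch. Since these loops are being edited anyway, the fallback should at least be flagged in place, for example `// WARNING: mt_rand() is not a CSPRNG; passwords generated by this branch are predictable`. Where the openssl extension is loaded, deriving the index from `openssl_random_pseudo_bytes()` would be a stronger fallback, but that needs checking against the PHP versions the project still supports. The lines between the two hunks are not shown, so any later processing of `$randomCode` cannot be assessed from here.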
@@ -148,7 +148,7 @@ class SecurityTest extends PHPUnit_Framework_TestCase
 $_GET["param3"]='"a/b#e(pr)qq-rr\cc'; // Same than param2 + "
 $_GET["param4"]='../dir';
 $_GET["param5"]="a_1-b";
-
+
 // Test int
 $result=GETPOST('id','int'); // Must return nothing
 print __METHOD__." result=".$result."\n";
@@ -179,19 +179,19 @@ class SecurityTest extends PHPUnit_Framework_TestCase
 $result=GETPOST("param1",'aZ09'); // Must return '' as there is a forbidden char ../
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,$_GET["param1"]);
-
+
 $result=GETPOST("param2",'aZ09'); // Must return '' as there is a forbidden char ../
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,'');
-
+
 $result=GETPOST("param3",'aZ09'); // Must return '' as there is a forbidden char ../
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,'');
-
+
 $result=GETPOST("param4",'aZ09'); // Must return '' as there is a forbidden char ../
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,'');
-
+
 $result=GETPOST("param5",'aZ09');
 print __METHOD__." result=".$result."\n";
 $this->assertEquals($result,$_GET["param5"]);
@@ -255,17 +255,17 @@ class SecurityTest extends PHPUnit_Framework_TestCase
 $genpass1=getRandomPassword(true); // Should be a string return by dol_hash (if no option set, will be md5)
 print __METHOD__." genpass1=".$genpass1."\n";
- $this->assertEquals(strlen($genpass1),32);
+ $this->assertEquals(strlen($genpass1), 32);
 $conf->global->USER_PASSWORD_GENERATED='None';
 $genpass2=getRandomPassword(false); // Should be an empty string
 print __METHOD__." genpass2=".$genpass2."\n";
- $this->assertEquals($genpass2,'');
+ $this->assertEquals($genpass2, '');
 $conf->global->USER_PASSWORD_GENERATED='Standard';
 $genpass3=getRandomPassword(false);
 print __METHOD__." genpass3=".$genpass3."\n";
- $this->assertEquals(strlen($genpass3),8);
+ $this->assertEquals(strlen($genpass3), 8);
 return 0;
 }