lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Better default function to generate passwords

Browse Source
This commit is contained in:
Laurent Destailleur 2017-11-03 17:56:53 +01:00
parent a72703d316
commit f32f3ff17f
1 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
htdocs/core/lib/security2.lib.php
View File

@ -439,7 +439,7 @@ function encodedecode_dbpassconf($level=0)
/**
* Return a generated password using default module
*
* @param boolean $generic true=Create generic password (use md5, sha1 depending on setup), false=Use the configured password generation module
* @param boolean $generic true=Create generic password (32 chars/numbers), false=Use the configured password generation module
* @return string New value for password
*/
function getRandomPassword($generic=false)
@ -447,7 +447,48 @@ function getRandomPassword($generic=false)
global $db,$conf,$langs,$user;
$generated_password='';
if ($generic) $generated_password=dol_hash(mt_rand());
if ($generic)
{
$length = 32;
$lowercase = "qwertyuiopasdfghjklzxcvbnm";
$uppercase = "ASDFGHJKLZXCVBNMQWERTYUIOP";
$numbers = "1234567890";
$randomCode = "";
if (function_exists('random_int')) // Cryptographic random
{
$max = strlen($lowercase) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $lowercase{random_int(0, $max)};
}
$max = strlen($uppercase) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $uppercase{random_int(0, $max)};
}
$max = strlen($numbers) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $numbers{random_int(0, $max)};
}
$generated_password=str_shuffle($randomCode);
}
else // Old platform, non cryptographic random
{
$max = strlen($lowercase) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $lowercase{mt_rand(0, $max)};
}
$max = strlen($uppercase) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $uppercase{mt_rand(0, $max)};
}
$max = strlen($numbers) - 1;
for ($x = 0; $x < abs($length/3); $x++) {
$randomCode .= $numbers{mt_rand(0, $max)};
}
$generated_password=str_shuffle($randomCode);
}
}
else if (! empty($conf->global->USER_PASSWORD_GENERATED))
{
$nomclass="modGeneratePass".ucfirst($conf->global->USER_PASSWORD_GENERATED);