make_password: generate longer passwords by default, use better random function if available

Andrew Dolgov 2019-03-05 20:16:50 +03:00
parent ef6d2b8a4e
commit 16a9bdc387
3 changed files with 14 additions and 7 deletions


@ -231,7 +231,7 @@ class Pref_Users extends Handler_Protected {
function add() {
$login = trim(clean($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$tmp_user_pwd = make_password();
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
@ -283,7 +283,7 @@ class Pref_Users extends Handler_Protected {
$login = $row["login"];
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$tmp_user_pwd = make_password(8);
$tmp_user_pwd = make_password();
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);


@ -737,7 +737,7 @@
}
}
function make_password($length = 8) {
function make_password($length = 12) {
$password = "";
$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ";
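Review bot: Only the default length changes in this copy of `make_password`, and its alphabet differs from the other definition touched by this commit (it has no `*%+^`). The loop that picks characters lies outside the hunk, so it cannot be seen here whether it gained the `random_int` path. If it still calls `mt_rand()` directly, callers that load this file keep receiving passwords from a non-cryptographic generator. One shared implementation would be preferable, or at minimum a comment such as `// keep in sync with the other make_password() definition`.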


@ -55,21 +55,28 @@
//
}
function make_password($length = 8) {
function make_password($length = 12) {
$password = "";
$possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
$i = 0;
$i = 0;
while ($i < $length) {
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
try {
$idx = function_exists("random_int") ? random_int(0, strlen($possible) - 1) : mt_rand(0, strlen($possible) - 1);
} catch (Exception $e) {
$idx = mt_rand(0, strlen($possible) - 1);
}
$char = substr($possible, $idx, 1);
if (!strstr($password, $char)) {
$password .= $char;
$i++;
}
}
return $password;
}
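Review bot: The fallback path still draws the index from `mt_rand()`, both when `random_int` does not exist and when it throws, and it does so silently. `mt_rand()` is not a cryptographically secure generator, so on those installs the temporary passwords gain length but not unpredictability. Consider failing instead of downgrading, or at least recording it in the catch block, e.g. `user_error("make_password: random_int() failed, using mt_rand()", E_USER_WARNING);`. Separately, the `!strstr($password, $char)` filter forbids repeated characters, which shrinks the keyspace and makes the loop never terminate once `$length` exceeds `strlen($possible)`. Dropping the filter or clamping with `$length = min($length, strlen($possible));` would address that.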