Browse Source
change generate_password() to allow for repeated characaters, which probably provides more entropy.
pull/941/head
David Goodwin
5 months ago
Failed to extract signature
1 changed files with
5 additions and
10 deletions
-
functions.inc.php
|
|
|
@ -882,24 +882,19 @@ function encode_header($string, $default_charset = "utf-8") |
|
|
|
* Generate a random password of $length characters. |
|
|
|
* @param int $length (optional, default: 12) |
|
|
|
* @return string |
|
|
|
* |
|
|
|
*/ |
|
|
|
function generate_password($length = 12) |
|
|
|
function generate_password(int $length = 12): string |
|
|
|
{ |
|
|
|
|
|
|
|
// define possible characters
|
|
|
|
$possible = "2345678923456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ"; # skip 0 and 1 to avoid confusion with O and l
|
|
|
|
|
|
|
|
// add random characters to $password until $length is reached
|
|
|
|
$password = ""; |
|
|
|
while (strlen($password) < $length) { |
|
|
|
$random = random_int(0, strlen($possible) - 1); |
|
|
|
$char = substr($possible, $random, 1); |
|
|
|
|
|
|
|
// we don't want this character if it's already in the password
|
|
|
|
if (!strstr($password, $char)) { |
|
|
|
$password .= $char; |
|
|
|
} |
|
|
|
// note this allows for repeated characters (better entropy)
|
|
|
|
for ($i = 0; $i < $length; $i++) { |
|
|
|
$random = random_int(0, strlen($possible) - 1); |
|
|
|
$password .= substr($possible, $random, 1); |
|
|
|
} |
|
|
|
|
|
|
|
return $password; |
|
|
|
|
