functions.inc.php:

- generate_password(): generate more secure random password

Based on a patch from Pierre Fagrell (mrfrenzy@SF),
https://sourceforge.net/tracker/?func=detail&aid=2958698&group_id=191583&atid=937964
(with some modifications)


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1027 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
Christian Boltz 13 years ago
parent 04e743f262
commit eb8fafbc89

@ -13,7 +13,8 @@
Changes after 2.3.3 release (postfixadmin-2.3 branch)
---------------------------------------------------------------
- fix typo in variable name in squirrelmail plugin
- generate more secure random passwords
- squirrelmail plugin: fix typo in variable name
Version 2.3.3 - 2011/03/14 - SVN r1010 (postfixadmin-2.3 branch)
---------------------------------------------------------------

@ -1107,9 +1107,30 @@ function encode_header ($string, $default_charset = "utf-8")
// Action: Generates a random password
// Call: generate_password ()
//
function generate_password ()
{
$password = substr (md5 (mt_rand ()), 0, 8);
function generate_password () {
global $CONF;
//check that password length is sensible
$length = (int) $CONF['min_password_length'];
if ($length < 5 || $length > 32) {
$length = 8;
}
// define possible characters
$possible = "2345678923456789abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ"; # skip 0 and 1 to avoid confusion with O and l
// add random characters to $password until $length is reached
$password = "";
while (strlen($password) < $length) {
// pick a random character from the possible ones
$char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
// we don't want this character if it's already in the password
if (!strstr($password, $char)) {
$password .= $char;
}
}
return $password;
}

Loading…
Cancel
Save