Issue #3107371 by kiamlaluno, longwave: Update user_password() for PHP 7

core/modules/user/user.module

@@ -197,30 +197,26 @@ function user_validate_name($name) {
 
 /**
  * Generate a random alphanumeric password.
+ *
+ * @param int $length
+ *   The desired password length, in characters.
+ *
+ * @return string
+ *   The generated random password.
  */
 function user_password($length = 10) {
-  // This variable contains the list of allowable characters for the
-  // password. Note that the number 0 and the letter 'O' have been
-  // removed to avoid confusion between the two. The same is true
-  // of 'I', 1, and 'l'.
-  $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
+  // This variable contains the list of allowed characters for the password.
+  // Note that the number 0 and the letter 'O' have been removed to avoid
+  // confusion between the two. The same is true of 'I', 1, and 'l'.
+  $allowed_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
 
-  // Zero-based count of characters in the allowable list:
-  $len = strlen($allowable_characters) - 1;
+  // The maximum integer we want from random_int().
+  $max = strlen($allowed_characters) - 1;
 
-  // Declare the password as a blank string.
   $pass = '';
 
-  // Loop the number of times specified by $length.
   for ($i = 0; $i < $length; $i++) {
-    do {
-      // Find a secure random number within the range needed.
-      $index = ord(random_bytes(1));
-    } while ($index > $len);
-
-    // Each iteration, pick a random character from the
-    // allowable string and append it to the password:
-    $pass .= $allowable_characters[$index];
+    $pass .= $allowed_characters[random_int(0, $max)];
   }
 
   return $pass;