From 06f5e2503d9497a0dab0563a05dc728901e2e478 Mon Sep 17 00:00:00 2001 From: Alex Pott Date: Mon, 20 Jan 2020 13:27:46 +0000 Subject: [PATCH] Issue #3107371 by kiamlaluno, longwave: Update user_password() for PHP 7 --- core/modules/user/user.module | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/core/modules/user/user.module b/core/modules/user/user.module index fd774a075ef..fec5451b8d2 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -197,30 +197,26 @@ function user_validate_name($name) { /** * Generate a random alphanumeric password. + * + * @param int $length + * The desired password length, in characters. + * + * @return string + * The generated random password. */ function user_password($length = 10) { - // This variable contains the list of allowable characters for the - // password. Note that the number 0 and the letter 'O' have been - // removed to avoid confusion between the two. The same is true - // of 'I', 1, and 'l'. - $allowable_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; + // This variable contains the list of allowed characters for the password. + // Note that the number 0 and the letter 'O' have been removed to avoid + // confusion between the two. The same is true of 'I', 1, and 'l'. + $allowed_characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; - // Zero-based count of characters in the allowable list: - $len = strlen($allowable_characters) - 1; + // The maximum integer we want from random_int(). + $max = strlen($allowed_characters) - 1; - // Declare the password as a blank string. $pass = ''; - // Loop the number of times specified by $length. for ($i = 0; $i < $length; $i++) { - do { - // Find a secure random number within the range needed. - $index = ord(random_bytes(1)); - } while ($index > $len); - - // Each iteration, pick a random character from the - // allowable string and append it to the password: - $pass .= $allowable_characters[$index]; + $pass .= $allowed_characters[random_int(0, $max)]; } return $pass;