[*] CORE : Add Random charlist to passwdGen

classes/Customer.php

@@ -727,7 +727,7 @@ public function transformToCustomer($id_lang, $password = null)
 		if (!$this->isGuest())
 			return false;
 		if (empty($password))
-			$password = Tools::passwdGen();
+			$password = Tools::passwdGen(8, 'RANDOM');
 		if (!Validate::isPasswd($password))
 			return false;
 

classes/Tools.php

@@ -34,11 +34,16 @@ class ToolsCore
 	* Random password generator
 	*
 	* @param integer $length Desired length (optional)
-	* @param string $flag Output type (NUMERIC, ALPHANUMERIC, NO_NUMERIC)
-	* @return string Password
+	* @param string $flag Output type (NUMERIC, ALPHANUMERIC, NO_NUMERIC, RANDOM)
+	* @return string|boolean Password
 	*/
 	public static function passwdGen($length = 8, $flag = 'ALPHANUMERIC')
 	{
+		$length = (int)$length;
+
+		if ($length <= 0)
+			return false;
+
 		switch ($flag)
 		{
 			case 'NUMERIC':
@@ -47,14 +52,83 @@ public static function passwdGen($length = 8, $flag = 'ALPHANUMERIC')
 			case 'NO_NUMERIC':
 				$str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
 				break;
+			case 'RANDOM':
+				$num_bytes = ceil($length * 0.75);
+				$bytes = Tools::getBytes($num_bytes);
+				return substr(rtrim(base64_encode($bytes), '='), 0, $length);
+			case 'ALPHANUMERIC':
 			default:
 				$str = 'abcdefghijkmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
 				break;
 		}
 
-		for ($i = 0, $passwd = ''; $i < $length; $i++)
-			$passwd .= Tools::substr($str, mt_rand(0, Tools::strlen($str) - 1), 1);
-		return $passwd;
+		$bytes = Tools::getBytes($length);
+		$position = 0;
+		$result = '';
+
+		for ($i = 0; $i < $length; $i++)
+		{
+			$position = ($position + ord($bytes[$i])) % strlen($str);
+			$result .= $str[$position];
+		}
+
+		return $result;
+	}
+
+	public static function getBytes($length)
+	{
+		$length = (int)$length;
+		if ($length <= 0)
+			return false;
+		if (function_exists('openssl_random_pseudo_bytes'))
+		{
+			$bytes = openssl_random_pseudo_bytes($length, $crypto_strong);
+			if ($crypto_strong === true)
+				return $bytes;
+		}
+		if (function_exists('mcrypt_create_iv'))
+		{
+			$bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+			if ($bytes !== false && strlen($bytes) === $length)
+				return $bytes;
+		}
+		// Else try to get $length bytes of entropy
+		$result         = '';
+		$entropy        = '';
+		$msec_per_round = 400;
+		$bits_per_round = 2;
+		$total          = $length;
+		$hash_length    = 20;
+		while (strlen($result) < $length)
+		{
+			$bytes  = ($total > $hash_length) ? $hash_length : $total;
+			$total -= $bytes;
+			for ($i=1; $i < 3; $i++)
+			{
+				$t1 = microtime(true);
+				$seed = mt_rand();
+				for ($j=1; $j < 50; $j++)
+					$seed = sha1($seed);
+				$t2 = microtime(true);
+				$entropy .= $t1 . $t2;
+			}
+			$div = (int) (($t2 - $t1) * 1000000);
+			if ($div <= 0)
+				$div = 400;
+			$rounds = (int) ($msec_per_round * 50 / $div);
+			$iter = $bytes * (int) (ceil(8 / $bits_per_round));
+			for ($i = 0; $i < $iter; $i ++)
+			{
+				$t1 = microtime();
+				$seed = sha1(mt_rand());
+				for ($j = 0; $j < $rounds; $j++)
+					$seed = sha1($seed);
+				$t2 = microtime();
+				$entropy .= $t1 . $t2;
+			}
+			$result .= sha1($entropy, true);
+		}
+		return substr($result, 0, $length);
 	}
 
 	public static function strReplaceFirst($search, $replace, $subject, $cur = 0)

controllers/admin/AdminLoginController.php

@@ -219,7 +219,7 @@ public function processForgot()
 
 		if (!count($this->errors))
 		{
-			$pwd = Tools::passwdGen();
+			$pwd = Tools::passwdGen(10, 'RANDOM');
 			$employee->passwd = md5(pSQL(_COOKIE_KEY_.$pwd));
 			$employee->last_passwd_gen = date('Y-m-d H:i:s', time());
 

controllers/front/PasswordController.php

@@ -79,7 +79,7 @@ public function postProcess()
 					Tools::redirect('index.php?controller=authentication&error_regen_pwd');
 				else
 				{
-					$customer->passwd = Tools::encrypt($password = Tools::passwdGen(MIN_PASSWD_LENGTH));
+					$customer->passwd = Tools::encrypt($password = Tools::passwdGen(MIN_PASSWD_LENGTH, 'RANDOM'));
 					$customer->last_passwd_gen = date('Y-m-d H:i:s', time());
 					if ($customer->update())
 					{
@@ -116,4 +116,3 @@ public function initContent()
 		$this->setTemplate(_PS_THEME_DIR_.'password.tpl');
 	}
 }
-