Use paragonie's random_compat on php 5 to generate random passwords

https://github.com/paragonie/random_compat

includes/classes/actions-clients.php

@@ -27,12 +27,6 @@ public function generateUsername($string, $i = 1) {
 		return $username;
 	}
 
-	public function generatePassword() {
-		$password_string = '!@#$%*&abcdefghijklmnpqrstuwxyzABCDEFGHJKLMNPQRSTUWXYZ23456789';
-		$password = substr(str_shuffle($password_string), 0, 16);
-		return $password;
-	}
-
 	private function isUniqueUsername($string) {
 		$statement = $this->dbh->prepare( "SELECT * FROM " . TABLE_USERS . " WHERE user = :user" );
 		$statement->execute(array(':user'	=> $string));

includes/functions.php

@@ -32,6 +32,29 @@ function is_projectsend_installed() {
 	}
 }
 
+function generate_password() {
+	/**
+	 * Random compat library, a polyfill for PHP 7's random_bytes();
+	 * @link: https://github.com/paragonie/random_compat
+	 */
+	require_once(ROOT_DIR . '/includes/random_compat/random_compat.phar' );
+	$error_unexpected	= __('An unexpected error has occurred', 'cftp_admin');
+	$error_os_fail		= __('Could not generate a random password', 'cftp_admin');
+
+	try {
+		$password = random_bytes(12);
+	} catch (TypeError $e) {
+		die($error_unexpected); 
+	} catch (Error $e) {
+		die($error_unexpected); 
+	} catch (Exception $e) {
+		die($error_os_fail); 
+	}
+
+	return bin2hex($password);
+}
+
+
 /**
  * Check if a table exists in the current database.
  *

includes/random_compat/random_compat.phar.pubkey

@@ -0,0 +1,5 @@
+-----BEGIN PUBLIC KEY-----
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEEd+wCqJDrx5B4OldM0dQE0ZMX+lx1ZWm
+pui0SUqD4G29L3NGsz9UhJ/0HjBdbnkhIK5xviT0X5vtjacF6ajgcCArbTB+ds+p
++h7Q084NuSuIpNb6YPfoUFgC/CL9kAoc
+-----END PUBLIC KEY-----

includes/random_compat/random_compat.phar.pubkey.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.22 (MingW32)
+
+iQEcBAABAgAGBQJWtW1hAAoJEGuXocKCZATaJf0H+wbZGgskK1dcRTsuVJl9IWip
+QwGw/qIKI280SD6/ckoUMxKDCJiFuPR14zmqnS36k7N5UNPnpdTJTS8T11jttSpg
+1LCmgpbEIpgaTah+cELDqFCav99fS+bEiAL5lWDAHBTE/XPjGVCqeehyPYref4IW
+NDBIEsvnHPHPLsn6X5jq4+Yj5oUixgxaMPiR+bcO4Sh+RzOVB6i2D0upWfRXBFXA
+NNnsg9/zjvoC7ZW73y9uSH+dPJTt/Vgfeiv52/v41XliyzbUyLalf02GNPY+9goV
+JHG1ulEEBJOCiUD9cE1PUIJwHA/HqyhHIvV350YoEFiHl8iSwm7SiZu5kPjaq74=
+=B6+8
+-----END PGP SIGNATURE-----

sociallogin/google/callback.php

@@ -102,7 +102,7 @@
         $_SESSION['errorstate'] = 'no_account'; //TODO: create new account
         $new_client = new ClientActions();
         $username = $new_client->generateUsername($userData['name']);
-        $password = $new_client->generatePassword();
+        $password = generate_password();
 
         $clientData = array(
           'id' => '',