From c05f6c23cfdb631d2f989895bab705a60aac2a0c Mon Sep 17 00:00:00 2001
From: crystaldaking <crystal@crystalapps.by>
Date: Mon, 8 Nov 2021 22:30:38 +0300
Subject: [PATCH 1/2] Generate password logic

---
 core/src/Revolution/modUser.php | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/core/src/Revolution/modUser.php b/core/src/Revolution/modUser.php
index 9cdee5042d..3d531cf045 100644
--- a/core/src/Revolution/modUser.php
+++ b/core/src/Revolution/modUser.php
@@ -904,19 +904,14 @@ public function generatePassword($length = null, array $options = [])
         if ($length < $passwordMinimumLength) {
             $length = $passwordMinimumLength;
         }
-        $options = array_merge([
-            'allowable_characters' => 'abcdefghjkmnpqrstuvxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789',
-            'srand_seed_multiplier' => 1000000,
-        ], $options);
-
-        $ps_len = strlen($options['allowable_characters']);
-        srand((double)microtime() * $options['srand_seed_multiplier']);
-        $pass = '';
-        for ($i = 0; $i < $length; $i++) {
-            $pass .= $options['allowable_characters'][mt_rand(0, $ps_len - 1)];
+
+        if ($options['alphabet']) {
+            $alphabet = array_merge(range('a', 'z'), range('A', 'Z'));
+            shuffle($alphabet);
+            return substr(implode($alphabet),0,$length);
         }
 
-        return $pass;
+        return bin2hex(random_bytes($length));
     }
 
 

From 685c1aee6b0a19771b024a02bd476a756926d8ac Mon Sep 17 00:00:00 2001
From: crystaldaking <crystal@crystalapps.by>
Date: Mon, 8 Nov 2021 23:11:24 +0300
Subject: [PATCH 2/2] fix length issue

---
 core/src/Revolution/modUser.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/Revolution/modUser.php b/core/src/Revolution/modUser.php
index 3d531cf045..06c3c2e48d 100644
--- a/core/src/Revolution/modUser.php
+++ b/core/src/Revolution/modUser.php
@@ -898,7 +898,7 @@ public function removeLocks(array $options = [])
     public function generatePassword($length = null, array $options = [])
     {
         if ($length === null) {
-            $length = $this->xpdo->getOption('password_generated_length', null, 10, true);
+                $length = $this->xpdo->getOption('password_generated_length', null, 10, true);
         }
         $passwordMinimumLength = $this->xpdo->getOption('password_min_length', null, 8, true);
         if ($length < $passwordMinimumLength) {
@@ -911,7 +911,7 @@ public function generatePassword($length = null, array $options = [])
             return substr(implode($alphabet),0,$length);
         }
 
-        return bin2hex(random_bytes($length));
+        return substr(bin2hex(random_bytes($length)),$length);
     }