From 9ffababf66807b2bf72c588cb870d54b261b0479 Mon Sep 17 00:00:00 2001
From: absurdo <antonio.delarosa@salirdelhoyo.com>
Date: Sat, 8 Jul 2023 00:31:37 +0200
Subject: [PATCH] Fixes in generate_random_password

---
 libraries/Utils.php | 73 ++++++++++++++-------------------------------
 1 file changed, 22 insertions(+), 51 deletions(-)

diff --git a/libraries/Utils.php b/libraries/Utils.php
index 9357835..9ddcf29 100644
--- a/libraries/Utils.php
+++ b/libraries/Utils.php
@@ -34,41 +34,6 @@ class Utils {
 
 	static public function slugify($text, $respect_upper=0, $replace_space='-', $replace_dot=0, $replace_barr=0)
 	{
-        /*
-
-		$from='àáâãäåæçèéêëìíîïðòóôõöøùúûýþÿŕñÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÐÒÓÔÕÖØÙÚÛÝỲŸÞŔÑ¿?!¡()"|#*%,;+&$ºª<>`çÇ{}@~=^:´[]';
-		$to=  'aaaaaaaceeeeiiiidoooooouuuybyrnAAAAAACEEEEIIIIDOOOOOOUUUYYYBRN---------------------------------';
-		
-		if($replace_dot==1)
-		{
-		
-			$from.='.';
-			$to.='-';
-		
-		}
-		
-		if($replace_barr==1)
-		{
-		
-			$from.="/";
-			$to.="-";
-		
-		}
-
-		$text = utf8_decode(urldecode($text));    
-		
-		$text=trim(str_replace(" ", $replace_space, $text));
-		
-		$text = strtr($text, utf8_decode($from), $to);
-		
-		//Used for pass base64 via GET that use upper, for example.
-		
-		if($respect_upper==0)
-		{
-		
-			$text = strtolower($text);
-			
-		}*/
 
         $text=iconv('utf-8', 'us-ascii//TRANSLIT', $text);
 
@@ -373,7 +338,7 @@ class Utils {
 	}
 	
 	/**
-	* Function used for generate a simple random password. Used RamdomLib from Ircmaxell
+	* Function used for generate a simple random password. Use random_int php function for get the characters of the password
 	*
 	* @param string $length_pass A variable used for set the character's length the password. More length, password more secure
 	*
@@ -387,29 +352,35 @@ class Utils {
 
 		$abc=array( 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '*', '+', '!', '-', '_', '@', '#', '$');
         
-        $password_final='';
+        $disorder_abc=[];
         
-        $c=count($abc);
+        //Simple disorder using random_int
+        
+        while(count($abc)>0) {
+            
+            $c_abc=count($abc);
+            
+            $num_element_move=random_int(0, $c_abc-1);
+            
+            $disorder_abc[]=$abc[$num_element_move];
+            
+            unset($abc[$num_element_move]);
+            
+            $abc=array_values($abc);
+            
+        }
+        
+        $c=count($disorder_abc);
+        
+        $password_final='';
         
         for($x=0;$x<$length_pass;$x++) {
             
             $num_element_pass=random_int(0, $c-1);
             
-            $password_final.=$abc[$num_element_pass];
+            $password_final.=$disorder_abc[$num_element_pass];
             
         }
-        
-        /*$password_final=bin2hex(random_bytes(round($length_pass/2)));
-
-        $num_element_pass=random_int(0, 5);
-
-        $abc=['*', '+', '!', '-', '_', '@', '#', '$'];
-
-        for($x=0;$x<$num_element_pass;$x++) {
-            
-            $num_change_char=random_int(0, len($abc));
-            
-        }*/
 
         //Add strange characters