Empty commit

api.php

@@ -39,13 +39,9 @@ function error($Code) {
 }
 
 function make_secret($Length = 32) {
-	$Secret = '';
+	$NumBytes = (int) round($Length / 2);
-	$Chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
+	$Secret = bin2hex(openssl_random_pseudo_bytes($NumBytes));
-	for ($i = 0; $i < $Length; $i++) {
+	return substr($Secret, 0, $Length);
-		$Rand = mt_rand(0, strlen($Chars) - 1);
-		$Secret .= substr($Chars, $Rand, 1);
-	}
-	return str_shuffle($Secret);
 }
 
 function is_number($Str) {

classes/ajax_start.php

@@ -110,13 +110,9 @@ function display_array($Array, $DontEscape = array()) {
 }
 
 function make_secret($Length = 32) {
-	$Secret = '';
+	$NumBytes = (int) round($Length / 2);
-	$Chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
+	$Secret = bin2hex(openssl_random_pseudo_bytes($NumBytes));
-	for ($i = 0; $i < $Length; $i++) {
+	return substr($Secret, 0, $Length);
-		$Rand = mt_rand(0, strlen($Chars) - 1);
-		$Secret .= substr($Chars, $Rand, 1);
-	}
-	return str_shuffle($Secret);
 }
 
 // Send a message to an IRC bot listening on SOCKET_LISTEN_PORT

classes/users.class.php

@@ -360,13 +360,9 @@ public static function release_order_default_js(&$SiteOptions) {
 	 * @return random alphanumeric string
 	 */
 	public static function make_secret($Length = 32) {
-		$Secret = '';
+		$NumBytes = (int) round($Length / 2);
-		$Chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
+		$Secret = bin2hex(openssl_random_pseudo_bytes($NumBytes));
-		$CharLen = strlen($Chars) - 1;
+		return substr($Secret, 0, $Length);
-		for ($i = 0; $i < $Length; ++$i) {
-			$Secret .= $Chars[mt_rand(0, $CharLen)];
-		}
-		return $Secret;
 	}
 
 	/**