From 1b101a00a0281ce93a8772b6c8ae8104a0d36285 Mon Sep 17 00:00:00 2001
From: Remigijus Kiminas
Date: Mon, 4 Oct 2021 23:10:35 -0400
Subject: [PATCH] Random string
---
 lhc_web/lib/core/lhchat/lhchat.php | 12 ++++++++-
 lhc_web/lib/core/lhchatbox/lhchatbox.php | 12 ++++++++-
 .../erlhcoreclassmodelforgotpassword.php | 26 +++++++++----------
 3 files changed, 34 insertions(+), 16 deletions(-)
diff --git a/lhc_web/lib/core/lhchat/lhchat.php b/lhc_web/lib/core/lhchat/lhchat.php
index 8b9c1b5c14..c8ee754eb2 100644
--- a/lhc_web/lib/core/lhchat/lhchat.php
+++ b/lhc_web/lib/core/lhchat/lhchat.php
@@ -1372,7 +1372,17 @@ public static function isChatActive($chat_id,$hash)
 public static function generateHash()
 {
- return sha1(mt_rand().time());
+ $string = '';
+
+ while (($len = strlen($string)) < 40) {
+ $size = 40 - $len;
+
+ $bytes = random_bytes($size);
+
+ $string .= substr(str_replace(['/', '+', '='], '', base64_encode($bytes)), 0, $size);
+ }
+
+ return $string;;
 }
 public static function setTimeZoneByChat($chat)
diff --git a/lhc_web/lib/core/lhchatbox/lhchatbox.php b/lhc_web/lib/core/lhchatbox/lhchatbox.php
index 55ae8824cd..35a78117b7 100644
--- a/lhc_web/lib/core/lhchatbox/lhchatbox.php
+++ b/lhc_web/lib/core/lhchatbox/lhchatbox.php
@@ -405,7 +405,17 @@ public static function getCount($params = array(), $table = 'lh_chatbox', $opera
 public static function generateHash()
 {
- return sha1(mt_rand().time());
+ $string = '';
+
+ while (($len = strlen($string)) < 40) {
+ $size = 40 - $len;
+
+ $bytes = random_bytes($size);
+
+ $string .= substr(str_replace(['/', '+', '='], '', base64_encode($bytes)), 0, $size);
+ }
+
+ return $string;;
 }
 public static function getSession()
diff --git a/lhc_web/lib/models/lhuser/erlhcoreclassmodelforgotpassword.php b/lhc_web/lib/models/lhuser/erlhcoreclassmodelforgotpassword.php
index 1d9b0ad125..ce31f9bc3a 100644
--- a/lhc_web/lib/models/lhuser/erlhcoreclassmodelforgotpassword.php
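Review bot: The loop added to `generateHash()` in lhchat.php is repeated verbatim in `generateHash()` in lhchatbox.php and, with `$length` in place of 40, in `randomPassword()` in the forgot-password model, so any later fix to this token generator has to be made in three places. I would keep the loop in one static helper that takes the length and reduce each of the three methods to a single call such as `return SomeHelper::randomString(40);` (class and method names are placeholders). All three copies also end in `return $string;;`; the second semicolon is an empty statement and should be dropped, leaving `return $string;`.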
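Review bot: `generateHash()` in lhchatbox.php (and its twin in lhchat.php) has no docblock, and its contract changed: `sha1()` returned 40 lowercase hex characters, while the new body returns 40 characters drawn from `A-Z`, `a-z` and `0-9`. Anything that validates the hash as hex, or stores and compares it case-insensitively, would now behave differently; whether such consumers exist is not visible in this diff, so it is worth checking. `random_bytes()` also throws when no secure random source is available, which the old expression never did. I would add `/** Returns a 40-character [A-Za-z0-9] token built from random_bytes(). @throws Exception if no secure random source is available. */` above the method.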
+++ b/lhc_web/lib/models/lhuser/erlhcoreclassmodelforgotpassword.php
@@ -20,22 +20,20 @@ public function setState( array $properties )
 }
 }
- public static function randomPassword($lenght = 10)
- {
- $allchar = "abcdefghijklmnopqrstuvwxyz1234567890";
-
- $str = "" ;
-
- mt_srand(( double) microtime() * 1000000);
-
- for ($i = 0; $i<$lenght; $i++) {
- $str .= substr($allchar, mt_rand(0, 36), 1);
+ public static function randomPassword($length = 10)
+ {
+ $string = '';
+
+ while (($len = strlen($string)) < $length) {
+ $size = $length - $len;
+
+ $bytes = random_bytes($size);
+
+ $string .= substr(str_replace(['/', '+', '='], '', base64_encode($bytes)), 0, $size);
 }
-
- $str = substr(md5($str . microtime() . rand(1, 10000000)), 0, $lenght);
- return $str ;
- }
+ return $string;;
+ }
 public static function setRemindHash($user_id, $hash)
 {
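Review bot: `randomPassword()` does not validate `$length`: for zero or a negative value the `while` condition is false on the first pass and the method returns an empty string, which a caller would presumably go on to use as a password or reset value. A guard at the top makes that case fail closed, e.g. `if ($length < 1) { throw new InvalidArgumentException('length must be at least 1'); }`. The result is also now mixed-case alphanumeric and no longer capped at the 32 characters the old `md5()` substring allowed, so any column or form field sized for the old output should be checked; this is inferred, since the callers are not in this hunk.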