From c2b29c317f2d3bf41ed737c9eb3d49bce41ec432 Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Mon, 17 May 2010 09:40:32 +0200
Subject: [ticket/9612] Introduce new function gen_rand_string_friendly().

Introduce new function gen_rand_string_friendly() for user friendly random
strings like passwords and captcha codes. Strings generated by
gen_rand_string_friendly() will not contain the characters 0 and O.

By adding a new function we can increase the entropy of strings
generated by gen_rand_string() by putting 0 and O back in.

PHPBB3-9612
---
 phpBB/includes/functions.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'phpBB/includes/functions.php')

diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index cd8447a2a3..2b5b8e6092 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -195,10 +195,27 @@ function set_config_count($config_name, $increment, $is_dynamic = false)
 
 /**
 * Generates an alphanumeric random string of given length
+*
+* @return string
 */
 function gen_rand_string($num_chars = 8)
+{
+	// [a, z] + [0, 9] = 36
+	return strtoupper(base_convert(unique_id(), 16, 36));
+}
+
+/**
+* Generates a user-friendly alphanumeric random string of given length
+* We remove 0 and O so users cannot confuse those in passwords etc.
+*
+* @return string
+*/
+function gen_rand_string_friendly($num_chars = 8)
 {
 	$rand_str = unique_id();
+
+	// Remove Z and Y from the base_convert(), replace 0 with Z and O with Y
+	// [a, z] + [0, 9] - {z, y} = [a, z] + [0, 9] - {0, o} = 34
 	$rand_str = str_replace(array('0', 'O'), array('Z', 'Y'), strtoupper(base_convert($rand_str, 16, 34)));
 
 	return substr($rand_str, 0, $num_chars);
-- 
cgit v1.2.1