From 683aa269b06a8c567a4cb6a201c5a8333d8693fd Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Wed, 23 Sep 2020 13:11:30 +0300
Subject: [PATCH] Use the codeigniter random string generation function for creating random passwords (#680).
---
 application/controllers/Installation.php | 3 ++-
 application/helpers/general_helper.php | 20 --------------------
 application/models/User_model.php | 3 ++-
 3 files changed, 4 insertions(+), 22 deletions(-)
diff --git a/application/controllers/Installation.php b/application/controllers/Installation.php
index 1ad2fe17..18dffb83 100644
--- a/application/controllers/Installation.php
+++ b/application/controllers/Installation.php
@@ -99,6 +99,7 @@ class Installation extends CI_Controller {
 $this->load->model('providers_model');
 $this->load->library('session');
 $this->load->library('migration');
+ $this->load->helper('string');
 $admin = $this->input->post('admin');
 $company = $this->input->post('company');
@@ -142,7 +143,7 @@ class Installation extends CI_Controller {
 $services['id'] = $this->services_model->add($services);
 $salt = generate_salt();
- $password = generate_random_string(100);
+ $password = random_string('sha1', 12);
 $sample_provider = [
 'first_name' => 'John',
diff --git a/application/helpers/general_helper.php b/application/helpers/general_helper.php
index 726ed60b..407d6b9a 100644
--- a/application/helpers/general_helper.php
+++ b/application/helpers/general_helper.php
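Review bot: `random_string('sha1', 12)` in the second Installation.php hunk is a weak source for a password: assuming the stock CodeIgniter 3 string helper, the `sha1` type returns `sha1(uniqid(mt_rand(), TRUE))`, so the value is derived from the clock and `mt_rand()` rather than a CSPRNG, and the length argument `12` is ignored (the result is always 40 hex characters). The same call is introduced in `User_Model::regenerate_password()` in application/models/User_model.php, where it matters more because the value becomes a real account's password. If the supported PHP version allows it, draw from the CSPRNG in both places, e.g. `$password = bin2hex(random_bytes(16));` and `$new_password = bin2hex(random_bytes(16));`, and drop the now-unneeded `$this->load->helper('string');` lines. Both enclosing methods start and end outside the hunks, so confirm nothing else there depends on the password length or alphabet.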
@@ -83,23 +83,3 @@ function generate_salt()
 $salt = hash('sha256', (uniqid(rand(), TRUE)));
 return substr($salt, 0, $max_length);
 }
-
-/**
- * This method generates a random string.
- *
- * @link http://stackoverflow.com/a/4356295/1718162
- *
- * @param int $length (OPTIONAL = 10) The length of the generated string.
- *
- * @return string Returns the randomly generated string.
- */
-function generate_random_string($length = 10)
-{
- $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
- $random_string = '';
- for ($i = 0; $i < $length; $i++)
- {
- $random_string .= $characters[rand(0, strlen($characters) - 1)];
- }
- return $random_string;
-}
diff --git a/application/models/User_model.php b/application/models/User_model.php
index 1305b8a8..376a8c90 100644
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -168,6 +168,7 @@ class User_Model extends CI_Model {
 public function regenerate_password($username, $email)
 {
 $this->load->helper('general');
+ $this->load->helper('string');
 $result = $this->db
 ->select('users.id')
@@ -185,7 +186,7 @@ class User_Model extends CI_Model {
 $user_id = $result->row()->id;
 // Create a new password and send it with an email to the given email address.
- $new_password = generate_random_string();
+ $new_password = random_string('sha1', 12);
 $salt = $this->db->get_where('user_settings', ['id_users' => $user_id])->row()->salt;
 $hash_password = hash_password($salt, $new_password);
 $this->db->update('user_settings', ['password' => $hash_password], ['id_users' => $user_id]);