From 734f88ea4ac6eb1169d3bad9970c8ac4a1910cfa Mon Sep 17 00:00:00 2001 From: Johan Cwiklinski Date: Mon, 17 Aug 2020 08:20:34 +0200 Subject: [PATCH] Makes default member password stronger --- galette/lib/Galette/Controllers/Crud/MembersController.php | 4 ++-- galette/lib/Galette/Core/AbstractPassword.php | 4 ++-- galette/lib/Galette/Core/Password.php | 5 +++++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/galette/lib/Galette/Controllers/Crud/MembersController.php b/galette/lib/Galette/Controllers/Crud/MembersController.php index a36ad59cb..43df6eb73 100644 --- a/galette/lib/Galette/Controllers/Crud/MembersController.php +++ b/galette/lib/Galette/Controllers/Crud/MembersController.php @@ -1883,7 +1883,7 @@ class MembersController extends CrudController } } - if (count($error_detected) == 0) { + if (count($error_detected) === 0) { $files_res = $member->handleFiles($_FILES); if (is_array($files_res)) { $error_detected = array_merge($error_detected, $files_res); @@ -1936,7 +1936,7 @@ class MembersController extends CrudController } } - if (count($error_detected) == 0) { + if (count($error_detected) === 0) { if (isset($args['self'])) { $redirect_url = $this->router->pathFor('login'); } elseif ( diff --git a/galette/lib/Galette/Core/AbstractPassword.php b/galette/lib/Galette/Core/AbstractPassword.php index 9334c6463..2bccc2ed5 100644 --- a/galette/lib/Galette/Core/AbstractPassword.php +++ b/galette/lib/Galette/Core/AbstractPassword.php @@ -81,12 +81,12 @@ abstract class AbstractPassword || trim($size) == '' || !is_int($size) ) { - $size = self::DEFAULT_SIZE; + $size = static::DEFAULT_SIZE; } $pass = ''; $i = 0; while ($i <= $size - 1) { - $num = mt_rand(0, 32) % 33; + $num = mt_rand(0, strlen($this->chars) - 1) % strlen($this->chars); $pass .= substr($this->chars, $num, 1); $i++; } diff --git a/galette/lib/Galette/Core/Password.php b/galette/lib/Galette/Core/Password.php index 74cd7552a..b024fc9e9 100644 --- a/galette/lib/Galette/Core/Password.php 
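Review bot: The rewritten index line in `AbstractPassword` still draws from `mt_rand()`, which is not a cryptographically secure generator, so the unpredictability of the generated password is bounded by the generator's seeding and internal state rather than by the longer length and larger alphabet this commit introduces. Use the CSPRNG instead: `$num = random_int(0, strlen($this->chars) - 1);`. `random_int()` exists since PHP 7.0, and the visibility-qualified class constants in Password.php already imply 7.1 or later. The trailing `% strlen($this->chars)` is a no-op because the range passed to the generator is already bounded, and dropping it removes any doubt about modulo bias. The enclosing method starts and ends outside the hunk.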
+++ b/galette/lib/Galette/Core/Password.php @@ -62,6 +62,11 @@ class Password extends AbstractPassword public const TABLE = 'tmppasswds'; public const PK = Adherent::PK; + /** @var integer Overrides default password size */ + public const DEFAULT_SIZE = 50; + /** @var string Overrides default character set */ + protected $chars = 'abcdefghjkmnpqrstuvwxyz0123456789&@{[]}%#+*:ABCDEFGHIJKLMNOPQRSTUVWXYZ'; + private $zdb; /** -- 2.39.2
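Review bot: The new `$chars` alphabet contains `&`, `%`, `#` and `+`, which are significant in URLs, and `&` is also significant in HTML. The callers are not visible in this patch, but the `tmppasswds` table name suggests these values may end up in links or e-mails, so any such use needs `rawurlencode()` or `htmlspecialchars()` at the output point. Worth recording in the property docblock, e.g. `/** @var string Character set; includes URL/HTML metacharacters, encode on output */`. The lowercase range omits `i`, `l` and `o` while the uppercase range keeps `I` and `O` and the digits keep `0` and `1`, so the look-alike filtering is inconsistent if that was the intent. Minor: `@var integer` should be `@var int`.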