From 01c0366250aa86fdddf44fd5142bf2643b8ca31a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Tue, 23 Oct 2012 14:19:45 +0000 Subject: [PATCH] Sub ids "fixed": - ADMIN_FORCED_ADS_404 was wrong in user_subids XML template - Move alphabet for random passwords to initialize filter - Removed some chars that may look to similar to others - Other minor improvements --- inc/filters.php | 3 +++ inc/functions.php | 25 +++++++++---------- inc/language/user_de.php | 1 + inc/libs/user_functions.php | 6 ++--- templates/xml/admin/admin_list_user_subid.xml | 2 +- 5 files changed, 20 insertions(+), 17 deletions(-) diff --git a/inc/filters.php b/inc/filters.php index ccdd4176c7..39d170f9d0 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -367,6 +367,9 @@ function FILTER_INIT_RANDOMIZER () { // Simply init the randomizer with seed and _ADD value mt_srand(generateSeed() + getConfig('_ADD')); + + // Initialize array with all allowed chars + $GLOBALS['_abc'] = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,1,2,3,4,6,7,8,9,-,+,_,/,.'); } // Filter for removing updates diff --git a/inc/functions.php b/inc/functions.php index a941932a6c..d13b75ec43 100644 --- a/inc/functions.php +++ b/inc/functions.php 
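Review bot: The added `$GLOBALS['_abc']` assignment means the password alphabet exists only after FILTER_INIT_RANDOMIZER has run, and nothing visible in generatePassword() (inc/functions.php, next hunk) checks for that. If the filter has not run, `array_diff()` there receives null and the new `while` loop presumably never grows the password, so I would guard the consumer or at least document the coupling here with `// NOTE: generatePassword() reads $GLOBALS['_abc'] and must not be called before this filter`. The list drops only `0` and `5`, while `l`, `I`, `1` and `O` remain, so the "look too similar" goal from the commit message is only partly met. Because this alphabet feeds account passwords, a mutable global also lets any other code alter it; a small accessor function returning the array would avoid that.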
@@ -89,27 +89,26 @@ function generatePassword ($length = '0', $exclude = array()) { $length = getPassLen(); } // END - if - // Initialize array with all allowed chars - $ABC = explode(',', 'a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,0,1,2,3,4,5,6,7,8,9,-,+,_,/,.'); - // Exclude some entries - $ABC = array_diff($ABC, $exclude); + $localAbc = array_diff($GLOBALS['_abc'], $exclude); // Start creating password - $PASS = ''; - for ($i = '0'; $i < $length; $i++) { - $PASS .= $ABC[mt_rand(0, count($ABC) -1)]; - } // END - for + $password = ''; + while (strlen($password) < $length) { + $password .= $localAbc[mt_rand(0, count($localAbc) -1)]; + } // END - while - // When the size is below 40 we can also add additional security by scrambling - // it. Otherwise we may corrupt hashes - if (strlen($PASS) <= 40) { + /* + * When the size is below 40 we can also add additional security by + * scrambling it. Otherwise the hash may corrupted.. + */ + if (strlen($password) <= 40) { // Also scramble the password - $PASS = scrambleString($PASS); + $password = scrambleString($password); } // END - if // Return the password - return $PASS; + return $password; } // Generates a human-readable timestamp from the Uni* stamp diff --git a/inc/language/user_de.php b/inc/language/user_de.php index ba353ef6a1..9ee2e1feb1 100644 --- a/inc/language/user_de.php +++ b/inc/language/user_de.php 
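Review bot: `array_diff()` keeps the original keys, so with a non-empty `$exclude` the line `$password .= $localAbc[mt_rand(0, count($localAbc) -1)];` indexes an array with gaps: removed positions give an undefined offset, and characters stored at the highest keys can never be picked. Re-indexing fixes this, `$localAbc = array_values(array_diff($GLOBALS['_abc'], $exclude));`, and an empty result should be rejected before the loop, because `while (strlen($password) < $length)` then has nothing to append and may never terminate. Separately, the index comes from `mt_rand()`, which the filter in inc/filters.php seeds explicitly via `mt_srand()`; Mersenne Twister output is predictable once the seed is known, and doNewUserPassword() in inc/libs/user_functions.php stores this value as the account's new password. Drawing the index from a CSPRNG (`random_int(0, count($localAbc) - 1)` where PHP 7+ is available) would be the safer choice. The body of generatePassword() starts above this hunk.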
@@ -179,6 +179,7 @@ addMessages(array( 'ADMIN_USER_ACTION_LINK_LIST_USER_SUBID' => "Sub-Ids auflisten", // Admin - list/edit/delete sub ids and stats + 'ADMIN_USER_SUBIDS_404' => "Das Mitglied {%get,generateUserProfileLink=userid%} hat noch keine Sub-Ids eingerichtet.", 'ADMIN_USER_SUBID_STATS_404' => "Das Mitglied {%get,generateUserProfileLink=userid%} hat für die Sub-Id {%get,getSubId=id%} noch keine Statistikeinträge.", 'ADMIN_USER_SUBID_NOT_ASSIGNED_404' => "Die angegebene Sub-Id-Kennung ist der Mitglieder-Id {%get,generateUserProfileLink=userid%} nicht zugewiesen oder existiert nicht.", 'ADMIN_LIST_USER_SUBID_TITLE' => "Auflisten der Sub-Ids von Mitglied {%get,generateUserProfileLink=userid%}", diff --git a/inc/libs/user_functions.php b/inc/libs/user_functions.php index f4558fa77f..189f3f782f 100644 --- a/inc/libs/user_functions.php +++ b/inc/libs/user_functions.php @@ -449,19 +449,19 @@ function doNewUserPassword ($email, $userid) { // Is the account confirmed if (getUserData('status') == 'CONFIRMED') { // Generate new password - $NEW_PASS = generatePassword(); + $newPassword = generatePassword(); // Update database SQL_QUERY_ESC("UPDATE `{?_MYSQL_PREFIX?}_user_data` SET `password`='%s' WHERE `userid`=%s LIMIT 1", array( - generateHash($NEW_PASS), + generateHash($newPassword), getUserData('userid') ), __FUNCTION__, __LINE__); // Prepare data and message for email $message = loadEmailTemplate('guest_new_password', array( - 'new_pass' => $NEW_PASS, + 'new_pass' => $newPassword, 'nickname' => $userid ), getUserData('userid')); diff --git a/templates/xml/admin/admin_list_user_subid.xml b/templates/xml/admin/admin_list_user_subid.xml index 691c25e406..7f9a24fef5 100644 --- a/templates/xml/admin/admin_list_user_subid.xml +++ b/templates/xml/admin/admin_list_user_subid.xml @@ -45,7 +45,7 @@ MA 02110-1301 USA - + -- 2.39.5