From d6b83e5440fbf742aa8d6588fcca2cc1e7977aab Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 4 Jan 2023 14:35:12 +0100 Subject: [PATCH 1/4] changed file name generation --- lam/lib/account.inc | 16 ++++++++++++++++ lam/lib/export.inc | 2 +- lam/templates/account/edit.php | 2 +- lam/tests/lib/AccountTest.php | 10 ++++++++++ 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 47f5802e0..65810ec92 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -388,6 +388,22 @@ function generateRandomPassword($length = 12, bool $checkStrength = true): strin return $password; } +/** + * Generates a random text with 20 letters by default. + * + * @param int $length length of password (defaults to 20) + * @return string text + */ +function generateRandomText($length = 20): string { + $list = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; + $text = ''; + for ($i = 0; $i < $length; $i++) { + $rand = abs(getRandomNumber() % 62); + $text .= $list[$rand]; + } + return $text; +} + /** * Checks if the given password matches the crypto hash. * diff --git a/lam/lib/export.inc b/lam/lib/export.inc index 5eb8e1816..a1843164d 100644 --- a/lam/lib/export.inc +++ b/lam/lib/export.inc @@ -173,7 +173,7 @@ class Exporter { throw new LAMException(_('Invalid format')); } if ($this->saveAsFile) { - $filename = '../../tmp/' . getRandomNumber() . time() .'.' . $this->format; + $filename = '../../tmp/' . generateRandomText() . time() .'.' . $this->format; $handle = fopen($filename, 'w'); chmod($filename, 0640); fwrite($handle, $output); diff --git a/lam/templates/account/edit.php b/lam/templates/account/edit.php index f6f424572..f328208eb 100644 --- a/lam/templates/account/edit.php +++ b/lam/templates/account/edit.php @@ -67,7 +67,7 @@ if (isset($_GET['editKey'])) { $sessionKey = htmlspecialchars($_GET['editKey']); } else { - $sessionKey = $sessionAccountPrefix . (new DateTime('now', getTimeZone()))->getTimestamp() . getRandomNumber(); + $sessionKey = $sessionAccountPrefix . (new DateTime('now', getTimeZone()))->getTimestamp() . generateRandomText(); } // cleanup account containers in session diff --git a/lam/tests/lib/AccountTest.php b/lam/tests/lib/AccountTest.php index 9bbfa5316..cf817d3d6 100644 --- a/lam/tests/lib/AccountTest.php +++ b/lam/tests/lib/AccountTest.php @@ -242,4 +242,14 @@ class AccountTest extends TestCase { $this->assertEquals(4, getNumberOfCharacterClasses('a-0AB.a3')); } + function testGenerateRandomPassword() { + global $_SESSION; + $_SESSION = array('cfgMain' => new LAMCfgMain()); + $this->assertEquals(20, strlen(generateRandomPassword(20))); + } + + function testGenerateRandomText() { + $this->assertEquals(20, strlen(generateRandomText(20))); + } + } From 199d183e727e575a987c8b3f4b67f79e13e0beb8 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 4 Jan 2023 16:00:06 +0100 Subject: [PATCH 2/4] changed file name generation --- lam/lib/account.inc | 2 +- lam/lib/config.inc | 6 +++--- lam/lib/pdf.inc | 4 ++-- lam/templates/account/edit.php | 2 +- lam/templates/tools/multiEdit.php | 4 ++-- lam/templates/upload/massBuildAccounts.php | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lam/lib/account.inc b/lam/lib/account.inc index 65810ec92..d7dc96c95 100644 --- a/lam/lib/account.inc +++ b/lam/lib/account.inc @@ -3,7 +3,7 @@ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2009 - 2022 Roland Gruber + 2009 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lam/lib/config.inc b/lam/lib/config.inc index 0ae906055..b0e2200e6 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -10,7 +10,7 @@ use function LAM\PERSISTENCE\dbTableExists; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2022 Roland Gruber + Copyright (C) 2003 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -2525,7 +2525,7 @@ class LAMConfig { */ public function getJobToken() { if (empty($this->jobToken)) { - $this->jobToken = getRandomNumber(); + $this->jobToken = generateRandomText(); } return $this->jobToken; } @@ -3604,7 +3604,7 @@ class LAMCfgMain { return null; } // write to temp file - $fileName = time() . getRandomNumber() . '.pem'; + $fileName = time() . generateRandomText() . '.pem'; $path = dirname(__FILE__) . '/../tmp/' . $fileName; $handle = @fopen($path, "wb"); @chmod($path, 0600); diff --git a/lam/lib/pdf.inc b/lam/lib/pdf.inc index 738260ed7..6f481125a 100644 --- a/lam/lib/pdf.inc +++ b/lam/lib/pdf.inc @@ -6,7 +6,7 @@ use LAMException; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2004 Michael Duergner - 2003 - 2021 Roland Gruber + 2003 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -168,7 +168,7 @@ function createPdf($structure, $accounts, $pdfKeys, $account_type, $font, $retur $out = $pdf->Output('out.pdf', 'S'); if (!$returnAsString) { // use timestamp and random number from ldap.inc as filename so it should be unique. - $filename = '../../tmp/' . getRandomNumber() . time() .'.pdf'; + $filename = '../../tmp/' . generateRandomText() . time() .'.pdf'; // Save PDF $handle = fopen($filename, 'w'); chmod($filename, 0640); diff --git a/lam/templates/account/edit.php b/lam/templates/account/edit.php index f328208eb..6374cdcc6 100644 --- a/lam/templates/account/edit.php +++ b/lam/templates/account/edit.php @@ -8,7 +8,7 @@ use LAM\TYPES\TypeManager; This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2021 Roland Gruber + 2005 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lam/templates/tools/multiEdit.php b/lam/templates/tools/multiEdit.php index 97aaee125..03c684f1f 100644 --- a/lam/templates/tools/multiEdit.php +++ b/lam/templates/tools/multiEdit.php @@ -25,7 +25,7 @@ use LAM\TOOLS\TREEVIEW\TreeViewTool; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2013 - 2022 Roland Gruber + Copyright (C) 2013 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -472,7 +472,7 @@ function dryRun(): array { $container->addElement(new htmlOutputText(_('Dry run finished.')), true); $container->addVerticalSpace('20px'); // store LDIF - $filename = 'ldif' . getRandomNumber() . '.ldif'; + $filename = 'ldif_' . generateRandomText() . '.ldif'; $out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb"); if ($out !== false) { fwrite($out, $ldif); diff --git a/lam/templates/upload/massBuildAccounts.php b/lam/templates/upload/massBuildAccounts.php index 1a0cffd3e..522ebe588 100644 --- a/lam/templates/upload/massBuildAccounts.php +++ b/lam/templates/upload/massBuildAccounts.php @@ -10,7 +10,7 @@ use \htmlResponsiveRow; /* This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2004 - 2022 Roland Gruber + Copyright (C) 2004 - 2023 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -266,7 +266,7 @@ if ($_FILES['inputfile'] && ($_FILES['inputfile']['size'] > 0)) { $_SESSION['mass_pdf']['structure'] = $_POST['pdfStructure']; $_SESSION['mass_pdf']['font'] = $_POST['pdf_font']; $_SESSION['mass_pdf']['counter'] = 0; - $_SESSION['mass_pdf']['file'] = '../../tmp/lam_pdf' . getRandomNumber() . '.zip'; + $_SESSION['mass_pdf']['file'] = '../../tmp/lam_pdf_' . generateRandomText() . '.zip'; } else { $_SESSION['mass_pdf']['structure'] = null; From 0a14865847efe904e9d4d1ab829ec72f5d73cf25 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 4 Jan 2023 20:33:32 +0100 Subject: [PATCH 3/4] changed file name generation --- lam/lib/modules/windowsUser.inc | 9 ++++----- lam/lib/treeview.inc | 19 +++++++++---------- lam/templates/config/confImportExport.php | 2 +- lam/templates/delete.php | 4 ++-- 4 files changed, 16 insertions(+), 18 deletions(-) diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index deae923f9..deb8e2958 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc @@ -1564,7 +1564,7 @@ class windowsUser extends baseModule implements passwordService,AccountStatusPro $photoFile = '../../graphics/user.svg'; $noPhoto = true; if (isset($this->attributes['jpegPhoto'][0])) { - $jpeg_filename = 'jpg' . getRandomNumber() . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $this->attributes['jpegPhoto'][0]); fclose ($outjpeg); @@ -2373,7 +2373,7 @@ class windowsUser extends baseModule implements passwordService,AccountStatusPro } else { $container->add(new htmlSubTitle(_('Crop image')), 12); - $jpeg_filename = 'jpg' . getRandomNumber() . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $this->attributes['jpegPhoto'][0]); fclose ($outjpeg); @@ -2428,7 +2428,7 @@ class windowsUser extends baseModule implements passwordService,AccountStatusPro } if (!empty($_FILES['photoFile']['tmp_name'])) { $handle = fopen($_FILES['photoFile']['tmp_name'], "r"); - $data = fread($handle, 10000000); + $data = fread($handle, 100000000); fclose($handle); if (!empty($this->moduleSettings['windowsUser_jpegPhoto_maxSize'][0]) && (strlen($data) > (1024 * $this->moduleSettings['windowsUser_jpegPhoto_maxSize'][0]))) { $errMsg = $this->messages['file'][3]; @@ -4561,8 +4561,7 @@ class windowsUser extends baseModule implements passwordService,AccountStatusPro } } } - $imgNumber = getRandomNumber(); - $jpeg_filename = 'jpg' . $imgNumber . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $entry[$attribute][0]); fclose ($outjpeg); diff --git a/lam/lib/treeview.inc b/lam/lib/treeview.inc index ddfc035d1..fe55a51c6 100644 --- a/lam/lib/treeview.inc +++ b/lam/lib/treeview.inc @@ -395,35 +395,35 @@ class TreeView { $row->add($newAttributeSelect, 12); $newAttributesContentSingleInput = new htmlResponsiveRow(); $newAttributesContentSingleInput->addLabel(new htmlOutputText('PLACEHOLDER_SINGLE_INPUT_LABEL')); - $newAttributesContentSingleInput->addField($this->getAttributeContentField('placeholder' . getRandomNumber(), array(''), false, false, false, null)); + $newAttributesContentSingleInput->addField($this->getAttributeContentField('placeholder' . generateRandomText(), array(''), false, false, false, null)); $row->add(new htmlDiv('new-attributes-single-input', $newAttributesContentSingleInput, array('hidden')), 12); $newAttributesContentMultiInput = new htmlResponsiveRow(); $newAttributesContentMultiInput->addLabel(new htmlOutputText('PLACEHOLDER_MULTI_INPUT_LABEL')); - $newAttributesContentMultiInput->addField($this->getAttributeContentField('placeholder' . getRandomNumber(), array(''), false, true, false, null)); + $newAttributesContentMultiInput->addField($this->getAttributeContentField('placeholder' . generateRandomText(), array(''), false, true, false, null)); $row->add(new htmlDiv('new-attributes-multi-input', $newAttributesContentMultiInput, array('hidden')), 12); $newAttributesContentSingleTextarea = new htmlResponsiveRow(); $newAttributesContentSingleTextarea->addLabel(new htmlOutputText('PLACEHOLDER_SINGLE_TEXTAREA_LABEL')); - $newAttributesContentSingleTextarea->addField($this->getAttributeContentField('placeholder' . getRandomNumber(), array(''), false, false, true, null)); + $newAttributesContentSingleTextarea->addField($this->getAttributeContentField('placeholder' . generateRandomText(), array(''), false, false, true, null)); $row->add(new htmlDiv('new-attributes-single-textarea', $newAttributesContentSingleTextarea, array('hidden')), 12); $newAttributesContentMultiTextarea = new htmlResponsiveRow(); $newAttributesContentMultiTextarea->addLabel(new htmlOutputText('PLACEHOLDER_MULTI_TEXTAREA_LABEL')); - $newAttributesContentMultiTextarea->addField($this->getAttributeContentField('placeholder' . getRandomNumber(), array(''), false, true, true, null)); + $newAttributesContentMultiTextarea->addField($this->getAttributeContentField('placeholder' . generateRandomText(), array(''), false, true, true, null)); $row->add(new htmlDiv('new-attributes-multi-textarea', $newAttributesContentMultiTextarea, array('hidden')), 12); $newAttributesContentSinglePassword = new htmlResponsiveRow(); $newAttributesContentSinglePassword->addLabel(new htmlOutputText('PLACEHOLDER_SINGLE_PASSWORD_LABEL')); - $newAttributesContentSinglePassword->addField($this->getAttributeContentField('userpassword' . getRandomNumber(), array(''), false, false, false, null)); + $newAttributesContentSinglePassword->addField($this->getAttributeContentField('userpassword' . generateRandomText(), array(''), false, false, false, null)); $row->add(new htmlDiv('new-attributes-single-password', $newAttributesContentSinglePassword, array('hidden')), 12); $newAttributesContentMultiPassword = new htmlResponsiveRow(); $newAttributesContentMultiPassword->addLabel(new htmlOutputText('PLACEHOLDER_MULTI_PASSWORD_LABEL')); - $newAttributesContentMultiPassword->addField($this->getAttributeContentField('userpassword' . getRandomNumber(), array(''), false, true, false, null)); + $newAttributesContentMultiPassword->addField($this->getAttributeContentField('userpassword' . generateRandomText(), array(''), false, true, false, null)); $row->add(new htmlDiv('new-attributes-multi-password', $newAttributesContentMultiPassword, array('hidden')), 12); $newAttributesContentSingleJpeg = new htmlResponsiveRow(); $newAttributesContentSingleJpeg->addLabel(new htmlOutputText('PLACEHOLDER_SINGLE_JPEG_LABEL')); - $newAttributesContentSingleJpeg->addField($this->getAttributeContentField('jpegphoto' . getRandomNumber(), array(''), false, false, false, null)); + $newAttributesContentSingleJpeg->addField($this->getAttributeContentField('jpegphoto' . generateRandomText(), array(''), false, false, false, null)); $row->add(new htmlDiv('new-attributes-single-jpeg', $newAttributesContentSingleJpeg, array('hidden')), 12); $newAttributesContentMultiJpeg = new htmlResponsiveRow(); $newAttributesContentMultiJpeg->addLabel(new htmlOutputText('PLACEHOLDER_MULTI_JPEG_LABEL')); - $newAttributesContentMultiJpeg->addField($this->getAttributeContentField('jpegphoto' . getRandomNumber(), array(''), false, true, true, null)); + $newAttributesContentMultiJpeg->addField($this->getAttributeContentField('jpegphoto' . generateRandomText(), array(''), false, true, true, null)); $row->add(new htmlDiv('new-attributes-multi-jpeg', $newAttributesContentMultiJpeg, array('hidden')), 12); } @@ -732,8 +732,7 @@ class TreeView { * @return htmlElement input field */ private function getAttributeJpegInputField(string $attributeName, string $value, bool $required, int $index): htmlElement { - $imgNumber = getRandomNumber(); - $jpeg_filename = 'jpg' . $imgNumber . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outJpeg = @fopen(__DIR__ . '/../tmp/' . $jpeg_filename, "wb"); fwrite($outJpeg, $value); fclose ($outJpeg); diff --git a/lam/templates/config/confImportExport.php b/lam/templates/config/confImportExport.php index ec48d4d57..69e47e0d0 100644 --- a/lam/templates/config/confImportExport.php +++ b/lam/templates/config/confImportExport.php @@ -265,7 +265,7 @@ printHeaderContents(_("Import and export configuration"), '../..'); } $importer = new ConfigDataImporter(); $importSteps = $importer->getPossibleImportSteps($data); - $tmpFile = __DIR__ . '/../../tmp/internal/import_' . getRandomNumber() . '.tmp'; + $tmpFile = __DIR__ . '/../../tmp/internal/import_' . generateRandomText() . '.tmp'; $file = @fopen($tmpFile, "w"); if ($file) { fputs($file, $data); diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 5fb9c519a..23d53735e 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -109,7 +109,7 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) { $users[] = substr($dn, $start, $end-$start); } - $sessionKey = $sessionAccountPrefix . (new \DateTime('now', getTimeZone()))->getTimestamp() . getRandomNumber(); + $sessionKey = $sessionAccountPrefix . (new \DateTime('now', getTimeZone()))->getTimestamp() . generateRandomText(); //load account $_SESSION[$sessionKey] = new \accountContainer($type, $sessionKey); // Show HTML Page @@ -191,7 +191,7 @@ if (isset($_POST['delete'])) { addSecurityTokenToMetaHTML($container); $container->add(new htmlHiddenInput('type', $type->getId()), 12); - $sessionKey = $sessionAccountPrefix . (new \DateTime('now', getTimeZone()))->getTimestamp() . getRandomNumber(); + $sessionKey = $sessionAccountPrefix . (new \DateTime('now', getTimeZone()))->getTimestamp() . generateRandomText(); $_SESSION[$sessionKey] = new \accountContainer($type, $sessionKey); // Delete dns $allOk = true; From 36a433e6b91db8876c42a6e86d17a38c06b024bf Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Thu, 5 Jan 2023 07:57:37 +0100 Subject: [PATCH 4/4] changed file name generation --- lam/lib/modules/inetOrgPerson.inc | 13 ++++++------- lam/lib/modules/posixAccount.inc | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 068c56660..e3bf33499 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -1608,7 +1608,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP $photoFile = '../../graphics/user.svg'; $noPhoto = true; if (isset($this->attributes['jpegPhoto'][0])) { - $jpeg_filename = 'jpg' . getRandomNumber() . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $this->attributes['jpegPhoto'][0]); fclose ($outjpeg); @@ -1755,7 +1755,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP } else { $container->add(new htmlSubTitle(_('Crop image')), 12); - $jpeg_filename = 'jpg' . getRandomNumber() . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $this->attributes['jpegPhoto'][0]); fclose ($outjpeg); @@ -1887,7 +1887,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP $table = new htmlTable(); $table->colspan = 10; for ($i = 0; $i < sizeof($this->attributes['userCertificate;binary']); $i++) { - $filename = 'userCertificate' . getRandomNumber() . '.der'; + $filename = 'userCertificate_' . generateRandomText() . '.der'; $pathOut = dirname(__FILE__) . '/../../tmp/' . $filename; $out = @fopen($pathOut, "wb"); @chmod($pathOut, 0640); @@ -3132,7 +3132,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP $photo = $_SESSION[self::SESS_PHOTO]; $row = new htmlResponsiveRow(); if (!empty($photo)) { - $jpeg_filename = 'jpegPhoto' . getRandomNumber() . '.jpg'; + $jpeg_filename = 'jpegPhoto_' . generateRandomText() . '.jpg'; $outjpeg = fopen(realpath('../../') . '/tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $photo); fclose ($outjpeg); @@ -3270,7 +3270,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP $certTable = new htmlResponsiveRow(); for ($i = 0; $i < sizeof($userCertificates); $i++) { $group = new htmlGroup(); - $filename = 'userCertificate' . getRandomNumber() . '.der'; + $filename = 'userCertificate_' . generateRandomText() . '.der'; $out = @fopen(dirname(__FILE__) . '/../../tmp/' . $filename, "wb"); fwrite($out, $userCertificates[$i]); fclose ($out); @@ -4643,8 +4643,7 @@ class inetOrgPerson extends baseModule implements passwordService,AccountStatusP } } } - $imgNumber = getRandomNumber(); - $jpeg_filename = 'jpg' . $imgNumber . '.jpg'; + $jpeg_filename = 'jpg_' . generateRandomText() . '.jpg'; $outjpeg = @fopen(dirname(__FILE__) . '/../../tmp/' . $jpeg_filename, "wb"); fwrite($outjpeg, $entry[$attribute][0]); fclose ($outjpeg); diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index cda64dfc9..99faa68c2 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -1333,7 +1333,7 @@ class posixAccount extends baseModule implements passwordService,AccountStatusPr && ($this->get_scope() == 'user') && $this->getAccountContainer()->isNewAccount && get_preg($this->attributes['uid'][0], 'username')) { $groupType = $this->getPosixGroupType(); - $sessionKey = 'TMP' . getRandomNumber(); + $sessionKey = 'TMP' . generateRandomText(); $accountContainerTmp = new accountContainer($groupType, $sessionKey); $_SESSION[$sessionKey] = &$accountContainerTmp; $accountContainerTmp->new_account();