From 0917f9d07ffb4be926d05d3ccdf9bdd24e320e66 Mon Sep 17 00:00:00 2001
From: "Igor Barkov (iwork)" <lopar@lopar.us>
Date: Wed, 30 Sep 2020 16:20:55 +0300
Subject: [PATCH] =?UTF-8?q?=D0=93=D0=B5=D0=BD=D0=B5=D1=80=D0=B0=D1=86?=
 =?UTF-8?q?=D0=B8=D1=8F=20=D1=81=D0=BB=D1=83=D1=87=D0=B0=D0=B9=D0=BD=D0=BE?=
 =?UTF-8?q?=D0=B3=D0=BE=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D1=8F=20=D1=87?=
 =?UTF-8?q?=D0=B5=D1=80=D0=B5=D0=B7=20=D1=85=D1=8D=D1=88=20=D1=81=D0=BB?=
 =?UTF-8?q?=D1=83=D1=87=D0=B0=D0=B9=D0=BD=D0=BE=D0=B9=20=D1=81=D1=82=D1=80?=
 =?UTF-8?q?=D0=BE=D0=BA=D0=B8.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 c_haos.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/c_haos.php b/c_haos.php
index c777745..3fcdf76 100644
--- a/c_haos.php
+++ b/c_haos.php
@@ -18,15 +18,13 @@ $in_haos = mysql_fetch_array(mysql_query("SELECT * FROM `cit_haos_status` WHERE
 $owntravma = mysql_fetch_array(mysql_query("SELECT * FROM `effects` WHERE `owner` = " . $user['id'] . " AND (type=13 OR type=12 OR type=14) limit 1;"));
 $wait_msg = "Ждем подтверждения от всей группы...";
 
-function getPass($length = 6)
+/** Генерация случайного пароля через хэш случайной строки.
+ *
+ * @return string
+ */
+function getPass():string
 {
-    $chars = 'abcdefghijklmnopqrstyvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789';
-    $numChars = strlen($chars);
-    $string = '';
-    for ($i = 0; $i < $length; $i++) {
-        $string .= substr($chars, rand(1, $numChars) - 1, 1);
-    }
-    return $string;
+    return hash('crc32', mt_rand());
 }
 
 if (!$in_haos) {
@@ -34,7 +32,7 @@ if (!$in_haos) {
     $in_haos = mysql_fetch_array(mysql_query("SELECT * FROM `cit_haos_status` WHERE `id` = '{$user['id']}' LIMIT 1;"));
 }
 
-$pass_s = getPass(6);
+$pass_s = getPass();
 
 if ($_POST['pay']) {
     if (!$_POST['pay_gr']) $_POST['pay_gr'] = 1;
@@ -180,7 +178,7 @@ Template::header('Цитадель Хаоса');
     } elseif ($in_haos['status'] == 0) {
         $cit_haos_gr = mysql_num_rows(mysql_query("SELECT * FROM `cit_haos_var`;"));
         if ($cit_haos_gr == 0) {
-            $pass_s = getPass(6);
+            $pass_s = getPass();
             mysql_query("INSERT INTO `cit_haos_var`(`group`,`password`) values('1','{$pass_s}');");
             $cit_haos_gr = mysql_num_rows(mysql_query("SELECT * FROM `cit_haos_var`;"));
         }