Merge branch '14.0' of git@github.com:Dolibarr/dolibarr.git into develop

htdocs/core/lib/security2.lib.php

@@ -476,8 +476,8 @@ function getRandomPassword($generic = false, $replaceambiguouschars = null, $len
 			}
 
 			$generated_password = str_shuffle($randomCode);
-		} else // Old platform, non cryptographic random
-		{
+		} else {
+			// Old platform, non cryptographic random
 			$max = strlen($lowercase) - 1;
 			for ($x = 0; $x < $nbofchar; $x++) {
 				$tmp = mt_rand(0, $max);

htdocs/core/modules/security/generate/modGeneratePassStandard.class.php

@@ -99,7 +99,7 @@ class modGeneratePassStandard extends ModeleGenPassword
 		$password = "";
 
 		// define possible characters
-		$possible = "0123456789bcdfghjkmnpqrstvwxyz";
+		$possible = "0123456789qwertyuiopasdfghjklzxcvbnmASDFGHJKLZXCVBNMQWERTYUIOP";
 
 		// set up a counter
 		$i = 0;
@@ -107,10 +107,13 @@ class modGeneratePassStandard extends ModeleGenPassword
 		// add random characters to $password until $length is reached
 		while ($i < $this->length) {
 			// pick a random character from the possible ones
-			$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			if (function_exists('random_int')) {	// Cryptographic random
+				$char = substr($possible, random_int(0, dol_strlen($possible) - 1), 1);
+			} else {
+				$char = substr($possible, mt_rand(0, dol_strlen($possible) - 1), 1);
+			}
 
-			// we don't want this character if it's already in the password
-			if (!strstr($password, $char)) {
+			if (substr_count($password, $char) <= 6) {	// we don't want this character if it's already 5 times in the password
 				$password .= $char;
 				$i++;
 			}