Better use random_int

helmo · helmo · commit febd6ab12563 · 2022-03-11T21:58:24.000+01:00
diff --git a/interface/web/login/otp.php b/interface/web/login/otp.php
@@ -129,8 +129,7 @@ function finish_2fa_success($msg = '') {
 
 	//* set code
 	if(!isset($_SESSION['otp']['code']) || empty($_SESSION['otp']['code'])) {
-		// Random int between 10^($code_length-1) and 10^$code_length
-		$_SESSION['otp']['code'] = rand(pow(10, $code_length - 1), pow(10, $code_length) - 1);
+		$_SESSION['otp']['code'] = random_int(100000, 999999);
 		$_SESSION['otp']['starttime'] = time();
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -129,8 +129,7 @@ function finish_2fa_success($msg = '') {`
`129`	`129`
`130`	`130`	`//* set code`
`131`	`131`	`if(!isset($_SESSION['otp']['code']) \|\| empty($_SESSION['otp']['code'])) {`
`132`		`- // Random int between 10^($code_length-1) and 10^$code_length`
`133`		`- $_SESSION['otp']['code'] = rand(pow(10, $code_length - 1), pow(10, $code_length) - 1);`
	`132`	`+ $_SESSION['otp']['code'] = random_int(100000, 999999);`
`134`	`133`	`$_SESSION['otp']['starttime'] = time();`
`135`	`134`	`}`
`136`	`135`