Merge pull request #13 from HuongNV13/fixHashPassword

Fix the hashPassword in General Trait

Author: lameze

application/src/Controller/BackOfficeController.php

@@ -69,6 +69,13 @@ public function backOfficeCreateAdmin(string $serverID, Request $request) : Json
                 // 2. Generates and returns token pattern.
                 $newpassword = $this->hashPassword('password', null, true);
 
+                if (!$newpassword['token']) {
+                    return new JsonResponse((object) [
+                        'errcode' => 'M_INVALID_TOKEN',
+                        'error' => 'Cannot hash the token.'
+                    ], 400);
+                }
+
                 // New user, or existing user without any associated Tokens.
                 $password = new Password();
                 $password->setPassword($newpassword['token']);

application/src/Traits/GeneralTrait.php

@@ -73,7 +73,7 @@ private function hashPassword(string $extra = null, string $dashedPattern = null
         $createdTokenPattern = [];
         $dashedPattern = $dashedPattern ? explode(',', $dashedPattern) : [];
         for ($i = 0; $i < strlen($string); $i++) {
-            $randomDashedPosition = count($dashedPattern) > 0 ? (int)$dashedPattern[$i] : (int)rand(1, 10);
+            $randomDashedPosition = count($dashedPattern) > 0 ? (int)$dashedPattern[$i] : rand(4, 10);
             if (count($dashedPattern) > 0) {
                 $previousPosition = (int)($previousPosition + $randomDashedPosition);
                 $token = substr_replace($token ?? $string, '-', $previousPosition, 1);