From 57ff06d41808d24a61c4b50ad93ec60b6251cfbe Mon Sep 17 00:00:00 2001
From: Anonymous Contributor <anonymous@invalid>
Date: Wed, 23 Aug 2023 18:16:35 +0200
Subject: [PATCH] Generate a random string as invite code

---
 pages/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pages/users.php b/pages/users.php
index d1081ff..333eb3a 100644
--- a/pages/users.php
+++ b/pages/users.php
@@ -31,7 +31,7 @@
             $validator = new FormValidator(array()); // Needed only for CSRF token validation
 
             if($validator->isValid($_POST)) {
-                $inviteID = md5(time().$_SESSION['UUID'].rand(11111, 9999999));
+                $inviteID = bin2hex(random_bytes(16));
                 $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
         
                 $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)');