From 4c0f287ace93399cbc74a794b3f9766c443a5d48 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Thu, 31 Oct 2019 08:56:52 +0100
Subject: [PATCH] Generate random token during installation.

---
 .env                         | 2 +-
 main/install/index.php       | 2 ++
 main/install/install.lib.php | 8 ++++++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.env b/.env
index fbc7d86839..dd3cc37341 100644
--- a/.env
+++ b/.env
@@ -21,7 +21,7 @@ MAILER_PORT=''
 ###> symfony/framework-bundle ###
 APP_ENV='dev'
 APP_DEBUG='1'
-APP_SECRET='141af65f23c7935a37b504c422f113b0'
+APP_SECRET='{{APP_SECRET}}'
 ###< symfony/framework-bundle ###
 
 ###> chamilo ###
diff --git a/main/install/index.php b/main/install/index.php
index d03c771fb7..38f0f11e32 100755
--- a/main/install/index.php
+++ b/main/install/index.php
@@ -573,6 +573,7 @@ if (isset($_POST['step2'])) {
             '{{APP_INSTALLED}}' => 1,
             '{{APP_ENCRYPT_METHOD}}' => $encryptPassForm,
             '{{APP_URL_APPEND}}' => $urlAppendPath,
+            '{{APP_SECRET}}' => generateRandomToken(),
         ];
 
         error_log('Update env file');
@@ -633,6 +634,7 @@ if (isset($_POST['step2'])) {
             '{{APP_INSTALLED}}' => 1,
             '{{APP_ENCRYPT_METHOD}}' => $encryptPassForm,
             '{{APP_URL_APPEND}}' => $urlAppendPath,
+            '{{APP_SECRET}}' => generateRandomToken(),
         ];
 
         updateEnvFile($distFile, $envFile, $params);
diff --git a/main/install/install.lib.php b/main/install/install.lib.php
index c66ed17bec..e0fc4edde3 100755
--- a/main/install/install.lib.php
+++ b/main/install/install.lib.php
@@ -3750,3 +3750,11 @@ function fixPostGroupIds($connection)
     }
     error_log('End - Fix work documents');
 }
+
+/**
+ * @return string
+ */
+function generateRandomToken()
+{
+    return hash('sha1', uniqid(mt_rand(), true));
+}