From c5906dfb2fd49b1c33f473a59ab98b157a955cfd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 12 Dec 2025 11:42:54 +0000
Subject: [PATCH] Add generate_app_passwd function and update mobileconfig.php to use it
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
---
 data/web/inc/functions.inc.php | 54 ++++++++++++++++++++++++++++++++++
 data/web/mobileconfig.php | 2 +-
 2 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 1947ec465..7ec7c5251 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -251,6 +251,60 @@ function password_check($password1, $password2) {
 return true;
 }
+function generate_app_passwd($length = 32) {
+ // Get password complexity requirements
+ $password_complexity = password_complexity('get');
+
+ // Determine the actual length to use
+ $required_length = max($length, intval($password_complexity['length']));
+
+ // Define character sets
+ $lowercase = 'abcdefghijklmnopqrstuvwxyz';
+ $uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $digits = '0123456789';
+ $special = '!@#$%^&*()-_=+[]{}|;:,.<>?';
+
+ // Build the character pool based on requirements
+ $pool = '';
+ $required_chars = '';
+
+ // Always include digits and lowercase (basic requirement for hex compatibility)
+ $pool .= $digits . $lowercase;
+
+ // Add one required digit
+ $required_chars .= $digits[random_int(0, strlen($digits) - 1)];
+
+ // Add lowercase letter if chars required
+ if ($password_complexity['chars'] == 1) {
+ $required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)];
+ }
+
+ // Add uppercase letters if lowerupper required
+ if ($password_complexity['lowerupper'] == 1) {
+ $pool .= $uppercase;
+ $required_chars .= $uppercase[random_int(0, strlen($uppercase) - 1)];
+ $required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)];
+ }
+
+ // Add special characters if required
+ if ($password_complexity['special_chars'] == 1) {
+ $pool .= $special;
+ $required_chars .= $special[random_int(0, strlen($special) - 1)];
+ }
+
+ // Generate remaining characters
+ $remaining_length = $required_length - strlen($required_chars);
+ $password = $required_chars;
+
+ for ($i = 0; $i < $remaining_length; $i++) {
+ $password .= $pool[random_int(0, strlen($pool) - 1)];
+ }
+
+ // Shuffle the password to mix required chars with random ones
+ $password = str_shuffle($password);
+
+ return $password;
+}
 function last_login($action, $username, $sasl_limit_days = 7, $ui_offset = 1) {
 global $pdo;
 global $redis;
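Review bot: The final `str_shuffle($password)` in generate_app_passwd() permutes the credential with PHP's non-cryptographic generator, which the PHP manual says must not be used for values that need to be unguessable, while every other random choice in the function goes through `random_int()`. A Fisher–Yates pass driven by `random_int()` keeps the whole function on the CSPRNG, as sketched below. Separately, the comment `(basic requirement for hex compatibility)` is misleading because the pool is `0-9a-z` rather than hex. There is also no floor on `$length`, so a small argument combined with a lax policy yields a very short app password; a docblock stating the effective minimum would help.

```php
// … unchanged: character sets, pool construction, random_int() selection loop …

// Shuffle with the CSPRNG so the positions of the required characters
// are not derived from a predictable generator
$chars = str_split($password);
for ($i = count($chars) - 1; $i > 0; $i--) {
  $j = random_int(0, $i);
  $tmp = $chars[$i];
  $chars[$i] = $chars[$j];
  $chars[$j] = $tmp;
}
$password = implode('', $chars);

return $password;
```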
diff --git a/data/web/mobileconfig.php b/data/web/mobileconfig.php
index 44aaa30ae..10ce51fee 100644
--- a/data/web/mobileconfig.php
+++ b/data/web/mobileconfig.php
@@ -52,7 +52,7 @@ if (isset($_GET['app_password'])) {
 else
 $platform = $_SERVER['HTTP_USER_AGENT'];
- $password = bin2hex(openssl_random_pseudo_bytes(16));
+ $password = generate_app_passwd();
 $attr = array(
 'app_name' => $platform,
 'app_passwd' => $password,
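Review bot: The value stored in `'app_passwd' => $password` can now contain `&`, `<` and `>` whenever the `special_chars` policy is enabled (see the `$special` set in generate_app_passwd() in this same patch), whereas the replaced `bin2hex(...)` output was limited to `0-9a-f`. The code that writes `$password` into the profile XML is outside this hunk; if it emits the value unescaped, the generated profile can become malformed or carry a different password than the one stored. That output presumably needs `htmlspecialchars($password, ENT_XML1 | ENT_QUOTES, 'UTF-8')`. The enclosing `if (isset($_GET['app_password']))` block starts and ends outside the hunk.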