--- sitepass.module	2007-02-10 07:24:20.000000000 -0600
+++ sitepass.new.module	2007-03-16 12:24:34.000000000 -0500
@@ -169,7 +169,7 @@ function sitepass_url($passnumber) {
 function create_pass($account) {
   // Base 36 so that it is easy to say and copy.  Replace easy to confuse letters.
   // so that there is no confusion.  It ends up only a 33 letter alphabet.
-  $passnumber = substr(_dec2string(_string2dec(substr(md5(time()),2,12),16),36),2,6);
+  $passnumber = sitepass_passgen();
   $passnumber = str_replace("0", "9", $passnumber);
   $passnumber = str_replace("O", "P", $passnumber);
   $passnumber = str_replace("1", "2", $passnumber);
@@ -465,94 +465,41 @@ function sitepass_disable() {
 }
 
 /**
- * Convert a decimal number into a string using $base
- * Copied under GPL from http://www.tonymarston.net/php-mysql/showsource.php?file=converter.php
- */
-function _dec2string ($decimal, $base)
-{
-  //DebugBreak();
-  global $error;
-  $string = null;
-  
-  $base = (int)$base;
-  if ($base < 2 | $base > 36 | $base == 10) {
-    echo 'BASE must be in the range 2-9 or 11-36';
-    exit;
-  } // if
-  
-  // maximum character string is 36 characters
-  $charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-  
-  // strip off excess characters (anything beyond $base)
-  $charset = substr($charset, 0, $base);
-  
-if (!ereg('(^[0-9]{1,16}$)', trim($decimal))) {
-    $error['dec_input'] = 'Value must be a positive integer';
-    return false;
-  } // if
-  
-  do {
-    // get remainder after dividing by BASE
-    $remainder = bcmod($decimal, $base);
-    
-    $char    = substr($charset, $remainder, 1);   // get CHAR from array
-    $string  = "$char$string";          // prepend to output
-    
-    //$decimal   = ($decimal - $remainder) / $base;
-    $decimal   = bcdiv(bcsub($decimal, $remainder), $base);
-    
-  } while ($decimal > 0);
-  
-  return $string;
-  
-} // _dec2string
-
-/**
- * Convert a string into a decimal number using $base
- * Copied under GPL from http://www.tonymarston.net/php-mysql/showsource.php?file=converter.php
- */
-function _string2dec ($string, $base)
-{
-  
-  global $error;
-  $decimal = 0;
-  
-  $base = (int)$base;
-  if ($base < 2 | $base > 36 | $base == 10) {
-    echo 'BASE must be in the range 2-9 or 11-36';
-    exit;
-  } // if
-  
-  // maximum character string is 36 characters
-  $charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
-  
-  // strip off excess characters (anything beyond $base)
-  $charset = substr($charset, 0, $base);
-  
-  $string = strtoupper(trim($string));
-  if (empty($string)) {
-    $error[] = 'Input string is empty';
-    return false;
-  } // if
-  
-  do {
-    $char   = substr($string, 0, 1);  // extract leading character
-    $string = substr($string, 1);     // drop leading character
-    
-    $pos = strpos($charset, $char);   // get offset in $charset
-    if ($pos === false) {
-      $error[] = "Illegal character ($char) in INPUT string";
-      return false;
-    } // if
-    
-    //$decimal = ($decimal * $base) + $pos;
-    $decimal = bcadd(bcmul($decimal, $base), $pos);
-    
-  } while($string <> null);
-  
-  return $decimal;
-  
-} 
+* Generate an initial six-digit passcode.
+* 
+* @return 
+*   A six-digit alphanumeric string.
+*/
+function sitepass_passgen() {
+	// define a bunch of variables
+	define('numbers', 15);
+	define('letters', 15);
+	$output = '';
+	$passr = array();
+	
+	// generate 15 random characters and 15 random numbers
+	for($i = 0; $i < 15; $i++) {
+		//pulling from range 65-90 (A-Z) of ASCII character set
+		$letters[$i] = chr(mt_rand(65, 90));
+		//limiting numbers to 0 - 9
+		$numbers[$i] = mt_rand(0, 9);
+	}
+	//merge our arrays and shuffle them
+	$alphanum = array_merge($letters, $numbers);
+	shuffle($alphanum);
+	shuffle($alphanum);
+	
+	//pull six array indexes at random
+	$members = array_rand($alphanum, 6);
+	
+	// pass the array indexes into a string	
+	foreach ($members as $iter) {
+		$output .= $alphanum[$iter];
+	}
+	
+	// hand back the string
+	return $output;
+}	
 
 /**
  * Menu callback; process one request for a sitepass.
