From c03737308b0e4468047cf3ed1ffeffb45c95cfe6 Mon Sep 17 00:00:00 2001
From: Council <council@openclaw>
Date: Mon, 20 Apr 2026 13:21:44 +0800
Subject: [PATCH] =?UTF-8?q?fix(Admin):=20=E6=94=B9=E7=94=A8=20random=5Fint?=
 =?UTF-8?q?()=20CSPRNG=EF=BC=8C=E4=BF=AE=E6=AD=A3=20UUID=20v4=20=E7=89=88?=
 =?UTF-8?q?=E6=9C=AC/=E5=8F=98=E4=BD=93=E4=BD=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mt_rand() → random_int()（防种子预测）
版本号 nibble: 8 → 4（符合 RFC 4122 UUID v4）
变体位保持 10xx 格式不变
---
 shopxo/app/plugins/vr_ticket/admin/Admin.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/shopxo/app/plugins/vr_ticket/admin/Admin.php b/shopxo/app/plugins/vr_ticket/admin/Admin.php
index 0af3d18..d77242c 100644
--- a/shopxo/app/plugins/vr_ticket/admin/Admin.php
+++ b/shopxo/app/plugins/vr_ticket/admin/Admin.php
@@ -667,11 +667,15 @@ class Admin extends Common
                 }
 
                 // 生成 room.id（兜底：保证每个房间有唯一 id，支持前端按 id 引用）
+                // 使用 random_int() (CSPRNG)，UUID v4 格式（版本=4，变体=10xx）
                 if (empty($room['id'])) {
                     $room['id'] = sprintf('%08x-%04x-%04x-%04x-%04x%08x',
-                        time(), mt_rand(0, 0xffff), mt_rand(0, 0xffff),
-                        mt_rand(0, 0x3fff) | 0x8000,
-                        mt_rand(0, 0xffff), mt_rand(0, 0xffffffff));
+                        time(),
+                        random_int(0, 0xffff),
+                        random_int(0, 0xffff),
+                        (random_int(0, 0x3fff) & 0x0fff) | 0x4000,  // 版本4 + 变体10xx
+                        random_int(0, 0xffff),
+                        random_int(0, 0xffffffff));
                 }
 
                 // --- 自动补全 seats 字典，解决 'A' 未定义报错 ---