codeigniter4 · michalsn · Jun 3, 2025 · Jun 3, 2025 · Jun 3, 2025 · Jun 3, 2025
diff --git a/system/Helpers/text_helper.php b/system/Helpers/text_helper.php
@@ -545,10 +545,8 @@ function reduce_multiples(string $str, string $character = ',', bool $trim = fal
      *
      * Useful for generating passwords or hashes.
      *
-     * @param string $type Type of random string.  basic, alpha, alnum, numeric, nozero, md5, sha1, and crypto
+     * @param string $type Type of random string:  alpha, alnum, numeric, nozero, or crypto
      * @param int    $len  Number of characters
-     *
-     * @deprecated The type 'basic', 'md5', and 'sha1' are deprecated. They are not cryptographically secure.
      */
     function random_string(string $type = 'alnum', int $len = 8): string
     {
@@ -578,12 +576,6 @@ function random_string(string $type = 'alnum', int $len = 8): string
 
                 return sprintf('%0' . $len . 'd', $rand);
 
-            case 'md5':
-                return md5(uniqid((string) mt_rand(), true));
-
-            case 'sha1':
-                return sha1(uniqid((string) mt_rand(), true));
-
             case 'crypto':
                 if ($len % 2 !== 0) {
                     throw new InvalidArgumentException(
@@ -594,8 +586,12 @@ function random_string(string $type = 'alnum', int $len = 8): string
                 return bin2hex(random_bytes($len / 2));
         }
 
-        // 'basic' type treated as default
-        return (string) mt_rand();
+        throw new InvalidArgumentException(
+            sprintf(
+                'Invalid type "%s". Accepted types: alpha, alnum, numeric, nozero, or crypto.',
+                $type,
+            ),
+        );
     }
 }
 

diff --git a/tests/system/Helpers/TextHelperTest.php b/tests/system/Helpers/TextHelperTest.php
@@ -130,12 +130,8 @@ public function testRandomString(): void
         $this->assertSame(16, strlen(random_string('numeric', 16)));
         $this->assertSame(8, strlen(random_string('numeric')));
 
-        $this->assertIsString(random_string('basic'));
         $this->assertSame(16, strlen($random = random_string('crypto', 16)));
         $this->assertIsString($random);
-
-        $this->assertSame(32, strlen($random = random_string('md5')));
-        $this->assertSame(40, strlen($random = random_string('sha1')));
     }
 
     /**
@@ -151,6 +147,16 @@ public function testRandomStringCryptoOddNumber(): void
         random_string('crypto', 9);
     }
 
+    public function testRandomStringWithUnsupportedType(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage(
+            'Invalid type "basic". Accepted types: alpha, alnum, numeric, nozero, or crypto.',
+        );
+
+        random_string('basic');
+    }
+
     public function testIncrementString(): void
     {
         $this->assertSame('my-test_1', increment_string('my-test'));

diff --git a/user_guide_src/source/changelogs/v4.7.0.rst b/user_guide_src/source/changelogs/v4.7.0.rst
@@ -31,6 +31,11 @@ Interface Changes
 Method Signature Changes
 ========================
 
+Removed Deprecated Items
+========================
+
+- **Text Helper:** The deprecated types in ``random_string()`` function: ``basic``, ``md5``, and ``sha1`` has been removed.
+
 ************
 Enhancements
 ************

diff --git a/user_guide_src/source/helpers/text_helper.rst b/user_guide_src/source/helpers/text_helper.rst
@@ -30,21 +30,13 @@ The following functions are available:
     Generates a random string based on the type and length you specify.
     Useful for creating passwords or generating random hashes.
 
-    .. warning:: For types: **basic**, **md5**, and **sha1**, generated strings
-        are not cryptographically secure. Therefore, these types cannot be used
-        for cryptographic purposes or purposes requiring unguessable return values.
-        Since v4.3.3, these types are deprecated.
-
     The first parameter specifies the type of string, the second parameter
     specifies the length. The following choices are available:
 
     - **alpha**: A string with lower and uppercase letters only.
     - **alnum**: Alphanumeric string with lower and uppercase characters.
-    - **basic**: [deprecated] A random number based on ``mt_rand()`` (length ignored).
     - **numeric**: Numeric string.
     - **nozero**: Numeric string with no zeros.
-    - **md5**: [deprecated] An encrypted random number based on ``md5()`` (fixed length of 32).
-    - **sha1**: [deprecated] An encrypted random number based on ``sha1()`` (fixed length of 40).
     - **crypto**: A random string based on ``random_bytes()``.
 
     .. note:: When you use **crypto**, you must set an even number to the second parameter.

diff --git a/utils/phpstan-baseline/loader.neon b/utils/phpstan-baseline/loader.neon
@@ -1,4 +1,4 @@
-# total 3057 errors
+# total 3056 errors
 includes:
     - argument.type.neon
     - assign.propertyType.neon

diff --git a/utils/phpstan-baseline/method.alreadyNarrowedType.neon b/utils/phpstan-baseline/method.alreadyNarrowedType.neon
@@ -1,4 +1,4 @@
-# total 24 errors
+# total 23 errors
 
 parameters:
     ignoreErrors:
@@ -59,7 +59,7 @@ parameters:
 
         -
             message: '#^Call to method PHPUnit\\Framework\\Assert\:\:assertIsString\(\) with string will always evaluate to true\.$#'
-            count: 2
+            count: 1
             path: ../../tests/system/Helpers/TextHelperTest.php
 
         -