diff --git a/app/Http/Controllers/AuthController.php b/app/Http/Controllers/AuthController.php
index cc773b0e..796b9808 100644
--- a/app/Http/Controllers/AuthController.php
+++ b/app/Http/Controllers/AuthController.php
@@ -180,7 +180,7 @@ class AuthController extends Controller
 $uid = $user->uid;
 // generate token for password resetting
- $token = base64_encode($user->getToken().substr(time(), 4, 6).Utils::generateRndString(16));
+ $token = base64_encode($user->getToken().substr(time(), 4, 6).str_random(16));
 $url = Option::get('site_url')."/auth/reset?uid=$uid&token=$token";
diff --git a/app/Services/Cipher/BaseCipher.php b/app/Services/Cipher/BaseCipher.php
index 4961cd43..d6746a87 100644
--- a/app/Services/Cipher/BaseCipher.php
+++ b/app/Services/Cipher/BaseCipher.php
@@ -17,7 +17,7 @@ abstract class BaseCipher implements EncryptInterface
 */
 public function verify($password, $hash, $salt = "")
 {
- return ($this->hash($password, $salt) === $hash);
+ return hash_equals($hash, $this->hash($password, $salt));
 }
 }
diff --git a/app/Services/Utils.php b/app/Services/Utils.php
index a2c93749..701999ba 100644
--- a/app/Services/Utils.php
+++ b/app/Services/Utils.php
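Review bot: The value mailed as `token` is only base64-encoded, so whatever `$user->getToken()` returns, together with the six timestamp digits, can be read back out of the reset link; replacing the random suffix with `str_random(16)` does not change that. `getToken()` and the reset handler are outside this hunk, so whether that value is a long-lived per-user secret, and whether the suffix and an expiry are actually checked, needs confirming. At minimum I would record the assumption next to the line, e.g. `// base64 is reversible: getToken() must not be a credential; the reset handler must verify the random suffix and enforce an expiry`. The token is also interpolated into the query string unescaped, which only holds while every part stays alphanumeric; `"/auth/reset?uid=$uid&token=".urlencode($token)` removes that dependency. The enclosing method begins and ends outside the hunk.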
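Review bot: `hash_equals()` is stricter about its arguments than the `===` it replaces in `verify()`: it expects two strings, and a non-string `$hash` (for instance a null password column) produces a warning or, on PHP 8, a TypeError where the old comparison simply returned false. Whether callers can pass such a value is not visible here, so a guard that keeps the previous result is the safer form: `return is_string($hash) && hash_equals($hash, (string) $this->hash($password, $salt));`. The argument order, stored hash first and computed value second, already matches the documented one. The docblock of `verify()` starts above the hunk.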
@@ -207,32 +207,13 @@ class Utils
 return strlen(stream_get_contents($fp));
 }
- /**
- * Generate random string
- *
- * @param int $length
- * @param bool $special_chars
- * @return string
- */
- public static function generateRndString($length, $special_chars = true)
- {
- $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
- if ($special_chars) $chars .= "!@#$%^&*()-_ []{}<>~`+=,.;:/?|";
-
- $rnd_string = '';
- for ($i = 0; $i < $length; $i++) {
- $rnd_string .= $chars[mt_rand(0, strlen($chars) - 1)];
- }
- return $rnd_string;
- }
-
 public static function getTimeFormatted($timestamp = 0)
 {
 return ($timestamp == 0) ? date('Y-m-d H:i:s') : date('Y-m-d H:i:s', $timestamp);
 }
 /**
- * Replace content of string according to given rules
+ * Replace content of string according to given rules.
 *
 * @param string $str
 * @param array $rules
@@ -246,6 +227,12 @@ class Utils
 return $str;
 }
+ /**
+ * Convert error number of uploading files to human-readable text.
+ *
+ * @param int $errno
+ * @return string
+ */
 public static function convertUploadFileError($errno = 0)
 {
 $phpFileUploadErrors = [