switch from crypt() to password_hash() and password_verify(), thx to kapsonfire for the hint

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>

install/lib/class.FroxlorInstall.php

@@ -420,30 +420,6 @@ class FroxlorInstall
 		$content[] = $check;
 	}
 
-	/**
-	 * generate safe unique token
-	 *
-	 * @param int $length
-	 * @return string
-	 */
-	private function genUniqueToken(int $length = 16)
-	{
-		if (!isset($length) || intval($length) <= 8) {
-			$length = 16;
-		}
-		if (function_exists('random_bytes')) {
-			return bin2hex(random_bytes($length));
-		}
-		if (function_exists('mcrypt_create_iv')) {
-			return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
-		}
-		if (function_exists('openssl_random_pseudo_bytes')) {
-			return bin2hex(openssl_random_pseudo_bytes($length));
-		}
-		// if everything else fails, use unsafe fallback
-		return substr(md5(uniqid(microtime(), 1)), 0, $length);
-	}
-
 	/**
 	 * create corresponding entries in froxlor database
 	 *
@@ -513,8 +489,8 @@ class FroxlorInstall
 		];
 		$ins_data = array(
 			'loginname' => $this->_data['admin_user'],
-			/* use SHA256 default crypt */
-			'password' => crypt($this->_data['admin_pass1'], '$5$' . $this->genUniqueToken() . $this->genUniqueToken()),
+			/* use system default crypt */
+			'password' => password_hash($this->_data['admin_pass1'], PASSWORD_DEFAULT),
 			'email' => 'admin@' . $this->_data['servername'],
 			'deflang' => $this->_languages[$this->_activelng]
 		);