From 77ae3aa387bee45ee049562ca549185a969b9937 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Sun, 1 Feb 2015 13:57:06 +0100
Subject: [PATCH] generate only password that match our complexity-settings in customer_email.php; don't use md5() for the admin password in the installation process
Signed-off-by: Michael Kaufmann (d00p)
---
 customer_email.php | 2 +-
 install/lib/class.FroxlorInstall.php | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/customer_email.php b/customer_email.php
index a518baf1..6503d169 100644
--- a/customer_email.php
+++ b/customer_email.php
@@ -451,7 +451,7 @@ if ($page == 'overview') {
 standard_error('passwordshouldnotbeusername');
 } else {
 if ($password == '') {
- $password = substr(md5(uniqid(microtime(), 1)), 12, 6);
+ $password = generatePassword();
 }
 $cryptPassword = makeCryptPassword($password);
diff --git a/install/lib/class.FroxlorInstall.php b/install/lib/class.FroxlorInstall.php
index e94df119..6758ec75 100644
--- a/install/lib/class.FroxlorInstall.php
+++ b/install/lib/class.FroxlorInstall.php
@@ -372,7 +372,8 @@ class FroxlorInstall {
 $content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
 $ins_data = array(
 'loginname' => $this->_data['admin_user'],
- 'password' => md5($this->_data['admin_pass1']),
+ /* use SHA256 default crypt */
+ 'password' => crypt($this->_data['admin_pass1'], '$5$'. md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
 'email' => 'admin@' . $this->_data['servername'],
 'deflang' => $this->_languages[$this->_activelng]
 );
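Review bot: Nothing in the customer_email.php hunk shows where `generatePassword()` gets its randomness, yet the value it returns becomes the mailbox credential handed to `makeCryptPassword()`. If the helper builds the string from `rand()`, `mt_rand()` or `str_shuffle()`, the fallback password stays guessable even though it now satisfies the complexity settings. It should draw from a CSPRNG such as `openssl_random_pseudo_bytes()`. I would record that at the call site with `// generatePassword() must use a CSPRNG: the result is stored as the account password`. The surrounding branch starts and ends outside the hunk, so the helper's body should be checked separately.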
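Review bot: The salt passed to `crypt()` in class.FroxlorInstall.php is 64 hex characters from two `md5(uniqid(microtime(), 1))` calls, but SHA-256 crypt reads at most 16 salt characters. The second call therefore adds nothing, and the salt is derived from the clock rather than a CSPRNG. The return value of `crypt()` is also written into `$ins_data` unchecked, so a failure value would be stored as the admin hash. customer_email.php already hashes through `makeCryptPassword()`; if that helper can be loaded during installation (not visible here), `'password' => makeCryptPassword($this->_data['admin_pass1']),` would keep one hashing scheme for both paths. The method around this array starts and ends outside the hunk.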