maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

generate only password that match our complexity-settings in customer_email.php; don't use md5() for the admin password in the installation process

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2015-02-01 13:57:06 +01:00
parent 99bed23b95
commit 77ae3aa387
2 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
customer_email.php
View File

@@ -451,7 +451,7 @@ if ($page == 'overview') {
standard_error('passwordshouldnotbeusername'); standard_error('passwordshouldnotbeusername');
} else { } else {
if ($password == '') { if ($password == '') {
$password = substr(md5(uniqid(microtime(), 1)), 12, 6); $password = generatePassword();
} }
$cryptPassword = makeCryptPassword($password); $cryptPassword = makeCryptPassword($password);

3
install/lib/class.FroxlorInstall.php
View File

@@ -372,7 +372,8 @@ class FroxlorInstall {
$content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']); $content .= $this->_status_message('begin', $this->_lng['install']['adding_admin_user']);
$ins_data = array( $ins_data = array(
'loginname' => $this->_data['admin_user'], 'loginname' => $this->_data['admin_user'],
'password' => md5($this->_data['admin_pass1']), /* use SHA256 default crypt */
'password' => crypt($this->_data['admin_pass1'], '$5$'. md5(uniqid(microtime(), 1)) . md5(uniqid(microtime(), 1))),
'email' => 'admin@' . $this->_data['servername'], 'email' => 'admin@' . $this->_data['servername'],
'deflang' => $this->_languages[$this->_activelng] 'deflang' => $this->_languages[$this->_activelng]
); );