From: Jon Langseth <jon.langseth@lilug.no>
Date: Wed, 18 Jan 2012 20:54:46 +0000 (+0100)
Subject: The generate_password function gave quite simple passwords (all hex values)
X-Git-Url: https://git.defcon.no/?p=hermes;a=commitdiff_plain;h=da45e1c7a6bfb079e5f5d9deb814b35dd5c39c67

The generate_password function gave quite simple passwords (all hex values)
---

diff --git a/api/lib/user_functions.php b/api/lib/user_functions.php
index 3a53c88..e22412a 100644
--- a/api/lib/user_functions.php
+++ b/api/lib/user_functions.php
@@ -5,11 +5,16 @@ require_once('lib/db_functions.php');
 
 $config = get_config();
 
+// Default length 24 characters to provide a long password
+// that still is short enough that Cisco SPA phones can use it
 function generate_password( $length = 24 )
 {
 	$string = "";
 	 while ( strlen( $string ) < $length )
-		$string .= substr(md5(rand().rand()), 0, $length);
+	 {
+		$string .= crypt(substr(md5(rand().rand()), 0, $length));
+		$string = preg_replace( '/\W/', '', $string);
+	 }
 	return substr( $string, 0, $length );
 
 }