X-Git-Url: https://git.defcon.no/?a=blobdiff_plain;f=api%2Flib%2Fuser_functions.php;h=a1a9b0c6ee3cd7fbcc0783d72d0ba0a59f7fc748;hb=60bf626a9d34dee29c5644a2a5c8c24829c87f13;hp=e22412a6516ab2f80bd5d72d29895147b7ac447d;hpb=ad1d2910ca34f0d69be10b637a4294a400beceb8;p=hermes
diff --git a/api/lib/user_functions.php b/api/lib/user_functions.php
index e22412a..a1a9b0c 100644
--- a/api/lib/user_functions.php
+++ b/api/lib/user_functions.php
@@ -12,10 +12,10 @@ function generate_password( $length = 24 )
 $string = "";
 while ( strlen( $string ) < $length )
 {
- $string .= crypt(substr(md5(rand().rand()), 0, $length));
+ $string .= crypt(substr(md5(rand().rand()), 0, $length+1));
 $string = preg_replace( '/\W/', '', $string);
 }
- return substr( $string, 0, $length );
+ return substr( $string, 1, $length );
 }
@@ -240,9 +240,9 @@ function list_users ( $search = null )
 global $config;
 $query = sprintf("SELECT CONCAT(username, '@', domain), displayname FROM %s ORDER BY username,domain", $config['provision_users_table'] );
- if ( array_key_exists ( 'search', $_GET ) )
+ if ( array_key_exists ( 'search', $_POST ) )
 {
- $search = $_GET['search']; // TODO: Add some sanitation and input validation!
+ $search = $_POST['search']; // TODO: Add some sanitation and input validation!
 $query = sprintf("SELECT CONCAT(username, '@', domain) FROM %s WHERE CONCAT(username, '@', domain) LIKE '%%%s%%' ORDER BY username,domain", $config['provision_users_table'], sql_clean( $search ) );
 }
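Review bot: The password in generate_password is still derived from `rand()`, which is not a cryptographically secure generator, so shifting the substring window in the `crypt(...)` and `return substr(...)` lines does not make the result any less predictable. `crypt()` is also called without a salt, which newer PHP versions reject, and skipping the first character looks like a workaround for a fixed prefix left behind after the `\W` stripping. If the runtime provides `random_int()` (PHP 7 or later), drawing each character from a fixed alphabet avoids the hashing detour and always yields exactly `$length` characters. The function's signature and opening brace lie outside the hunk.

```php
// … unchanged: function signature and opening brace …
	// Alphanumeric only, matching what the \W stripping used to leave behind.
	$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	$max = strlen( $alphabet ) - 1;
	$string = "";
	while ( strlen( $string ) < $length )
	{
		// random_int() draws from the system CSPRNG, unlike rand().
		$string .= $alphabet[ random_int( 0, $max ) ];
	}
	return $string;
```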
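Review bot: The search term read from `$_POST['search']` in list_users is still formatted straight into the `LIKE '%%%s%%'` clause, so the TODO about validation is carried over unchanged and the query's safety rests entirely on `sql_clean()`, whose definition is not visible in this hunk. Moving from GET to POST keeps the term out of URLs and access logs but does not restrict what a client can send. A bound query parameter would remove the dependence on escaping, and the LIKE metacharacters could be neutralised first with `$search = addcslashes( $search, '%_\\' );` (assuming the database uses backslash as its LIKE escape character). The request value also overwrites the `$search` argument, so a term passed by the caller is ignored whenever the request carries one. The body of list_users starts and continues outside the hunk.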