From: Jon Langseth Date: Wed, 18 Jan 2012 20:54:46 +0000 (+0100) Subject: The generate_password function gave quite simple passwords (all hex values) X-Git-Url: https://git.defcon.no/?a=commitdiff_plain;h=da45e1c7a6bfb079e5f5d9deb814b35dd5c39c67;p=hermes The generate_password function gave quite simple passwords (all hex values)
---
diff --git a/api/lib/user_functions.php b/api/lib/user_functions.php
index 3a53c88..e22412a 100644
--- a/api/lib/user_functions.php
+++ b/api/lib/user_functions.php
@@ -5,11 +5,16 @@ require_once('lib/db_functions.php');
 $config = get_config();
+// Default length 24 characters to provide a long password
+// that still is short enough that Cisco SPA phones can use it
 function generate_password( $length = 24 )
 {
 $string = "";
 while ( strlen( $string ) < $length )
- $string .= substr(md5(rand().rand()), 0, $length);
+ {
+ $string .= crypt(substr(md5(rand().rand()), 0, $length));
+ $string = preg_replace( '/\W/', '', $string);
+ }
 return substr( $string, 0, $length );
 }
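Review bot: The only source of randomness in the new loop is still `rand()`, which is not a cryptographic generator, so running the MD5 hex through `crypt()` and stripping `\W` widens the visible alphabet without making the password harder to predict. Because `crypt()` is called without a salt, its output typically begins with the algorithm identifier and an auto-generated salt, so after the `preg_replace` the leading characters of each password are likely constant or low-entropy; later PHP releases also raise a notice for the salt-less call and PHP 8 rejects it. I would drop the hash round-trip and pick each character from a fixed alphabet with a CSPRNG, as sketched below. The sketch uses `random_int()`, which needs PHP 7 or later; on an older runtime `openssl_random_pseudo_bytes()` is the nearest equivalent.

```php
function generate_password( $length = 24 )
{
	// letters and digits only; the \W filter already limited output to word characters
	$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
	$max = strlen( $alphabet ) - 1;
	$string = "";
	while ( strlen( $string ) < $length )
		$string .= $alphabet[ random_int( 0, $max ) ];
	return $string;
}
```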