From 1275f48a10cd41fed218b92bacbbb8af3e15152e Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 08 Mar 2010 10:02:21 -0500
Subject: [PATCH] Fixed the salt generation algorithm in the password reset function.

---
 interface/web/login/password_reset.php |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e4e2da5..5c23cc4 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -54,8 +54,10 @@
 	if($client['client_id'] > 0) {
 		$new_password = md5 (uniqid (rand()));
 		$salt="$1$";
-		for ($n=0;$n<11;$n++) {
-			$salt.=chr(mt_rand(64,126));
+		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+		for ($n=0;$n<8;$n++) {
+			//$salt.=chr(mt_rand(64,126));
+			$salt.=$base64_alphabet[mt_rand(0,63)];
 		}
 		$salt.="$";
 		$new_password_encrypted = crypt($new_password,$salt);

--
Gitblit v1.9.1