
Fixed a security bug in how the admin's phplib_id is generated: phplib_id should be difficult to guess

Karel Kozlik authored on 13/04/2004 19:14:32
Showing 1 changed files
... ...
@@ -166,6 +166,14 @@ credentials()
166 166
 		echo "HA1B calculation failed"
167 167
 		exit 1
168 168
 	fi
169
+
170
+  #PHPLIB_ID of users should be difficulty to guess for security reasons
171
+  NOW=`date`;
172
+  PHPLIB_ID=`$GENHA1 "$RANDOM" "$NOW" $SIP_DOMAIN`
173
+	if [ $? -ne 0 ] ; then
174
+    echo "PHPLIB_ID calculation failed"
175
+		exit 1
176
+	fi
169 177
 }
170 178
 
171 179
 ser_create () # pars: <database name> [<no_init_user>]
... ...
@@ -184,7 +192,7 @@ if [ $# -eq 1 ] ; then
184 192
 		'root@localhost', '2002-09-04 19:37:45', '0000-00-00 00:00:00',
185 193
 		'57DaSIPuCm52UNe54LF545750cfdL48OMZfroM53', 'o', '', '',
186 194
 		'$HA1', '$SIP_DOMAIN', '$HA1B',
187
-    '65e397cda0aa8e3202ea22cbd350e4e9' );
195
+    '$PHPLIB_ID' );
188 196
 
189 197
     INSERT INTO admin_privileges ($USERCOL, domain, priv_name, priv_value)
190 198
     VALUES ('admin', '$SIP_DOMAIN', 'is_admin', '1');
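Review bot: The PHPLIB_ID assigned at the end of credentials() is now unique per install but still guessable, because its only varying inputs are `$RANDOM` (a 15-bit value in bash, 0–32767) and the one-second-resolution output of `date`, while `$SIP_DOMAIN` is typically public. That leaves a small search space for anyone who can estimate when the install script ran, so it does not meet the "difficult to guess" goal stated in the added comment. I would take the 32 hex characters from the kernel CSPRNG instead, `PHPLIB_ID=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')`, and replace the `$?` test with `[ -z "$PHPLIB_ID" ]`, since `$?` after a pipeline reflects only the last command. If the script can run under a shell that lacks `$RANDOM` (the interpreter line is not visible here), that variable expands to an empty string and only the timestamp varies. The body of credentials() starts outside this hunk, so any earlier use of these variables is not reviewed here.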