From 1275f48a10cd41fed218b92bacbbb8af3e15152e Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Mon, 8 Mar 2010 15:02:21 +0000
Subject: [PATCH] Fixed the salt generation algorithm in the password reset
 function.

---
 interface/web/login/password_reset.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e4e2da5ee8..5c23cc495b 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -54,8 +54,10 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
 	if($client['client_id'] > 0) {
 		$new_password = md5 (uniqid (rand()));
 		$salt="$1$";
-		for ($n=0;$n<11;$n++) {
-			$salt.=chr(mt_rand(64,126));
+		$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
+		for ($n=0;$n<8;$n++) {
+			//$salt.=chr(mt_rand(64,126));
+			$salt.=$base64_alphabet[mt_rand(0,63)];
 		}
 		$salt.="$";
 		$new_password_encrypted = crypt($new_password,$salt);
-- 
GitLab