
Commit 646e44b

author
Florian Schaal
committed
Increase security by random password for admin-user during install (Fixes #4874)
1 parent ea3e02f commit 646e44b


1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

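--- a/install/install.php
+++ b/install/install.php
@@ -551,8 +551,9 @@
 
 //** Customise the port ISPConfig runs on
 $ispconfig_vhost_port = $inst->free_query('ISPConfig Port', '8080','ispconfig_port');
-$conf['interface_password'] = $inst->free_query('Admin password', 'admin','ispconfig_admin_password');
-if($conf['interface_password'] != 'admin') {
+$temp_admin_password = str_shuffle(bin2hex(openssl_random_pseudo_bytes(4)));
+$conf['interface_password'] = $inst->free_query('Admin password', $temp_admin_password, 'ispconfig_admin_password');
+if($conf['interface_password'] != $temp_admin_password) {
 $check = false;
 do {
 unset($temp_password);
@@ -563,6 +564,7 @@
 }
 unset($check);
 unset($temp_password);
+unset($temp_admin_password);
 if($conf['apache']['installed'] == true) $conf['apache']['vhost_port'] = $ispconfig_vhost_port;
 if($conf['nginx']['installed'] == true) $conf['nginx']['vhost_port'] = $ispconfig_vhost_port;
 unset($ispconfig_vhost_port);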
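Review bot: The generated default on new line 554 carries only 32 bits of entropy, and `str_shuffle()` adds none, because it merely permutes the eight hex characters using PHP's non-cryptographic generator. On PHP versions where `openssl_random_pseudo_bytes()` returns false on failure instead of throwing, the expression collapses to an empty string and the default admin password would be empty. Check the result (and the `$strong_result` out-parameter) before use, or, if the installer's minimum PHP version allows it, use `$temp_admin_password = bin2hex(random_bytes(12));`. The comparison on new line 556 should be `!==`, since two numeric-looking strings such as `00000012` and `12` compare equal under `!=`. Accepting the default skips the branch opened on new line 556, whose body lies partly outside the hunk, so it is worth confirming that the generated value is always shown to the operator, presumably also in unattended installs that omit `ispconfig_admin_password`.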
