From 3791b5891b0644625c7b05b63fc27fc5086a0f2c Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 23 Jun 2012 14:55:21 +0200
Subject: [PATCH] use more secure password hash for admin pass FS#2536

---
 conf/users.auth.php.dist |  2 +-
 install.php              | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/conf/users.auth.php.dist b/conf/users.auth.php.dist
index 6576eeb5f..df3c78482 100644
--- a/conf/users.auth.php.dist
+++ b/conf/users.auth.php.dist
@@ -6,5 +6,5 @@
 #
 # Format:
 #
-# user:MD5password:Real Name:email:groups,comma,seperated
+# login:passwordhash:Real Name:email:groups,comma,seperated
 
diff --git a/install.php b/install.php
index bd43c6f99..80e9ad407 100644
--- a/install.php
+++ b/install.php
@@ -9,6 +9,8 @@ if(!defined('DOKU_INC')) define('DOKU_INC',dirname(__FILE__).'/');
 if(!defined('DOKU_CONF')) define('DOKU_CONF',DOKU_INC.'conf/');
 if(!defined('DOKU_LOCAL')) define('DOKU_LOCAL',DOKU_INC.'conf/');
 
+require_once(DOKU_INC.'inc/PassHash.class.php');
+
 // check for error reporting override or set error reporting to sane values
 if (!defined('DOKU_E_LEVEL')) { error_reporting(E_ALL ^ E_NOTICE); }
 else { error_reporting(DOKU_E_LEVEL); }
@@ -50,6 +52,7 @@ $dokuwiki_hash = array(
     '2011-05-25'   => '4241865472edb6fa14a1227721008072',
     '2011-11-10'   => 'b46ff19a7587966ac4df61cbab1b8b31',
     '2012-01-25'   => '72c083c73608fc43c586901fd5dabb74',
+    'devel'        => 'eb0b3fc90056fbc12bac6f49f7764df3'
 );
 
 
@@ -318,9 +321,13 @@ EOT;
     $ok = $ok && fileWrite(DOKU_LOCAL.'local.php',$output);
 
     if ($d['acl']) {
+        // hash the password
+        $phash = new PassHash();
+        $pass = $phash->hash_smd5($d['password']);
+
         // create users.auth.php
-        // --- user:MD5password:Real Name:email:groups,comma,seperated
-        $output = join(":",array($d['superuser'], md5($d['password']), $d['fullname'], $d['email'], 'admin,user'));
+        // --- user:SMD5password:Real Name:email:groups,comma,seperated
+        $output = join(":",array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
         $output = @file_get_contents(DOKU_CONF.'users.auth.php.dist')."\n$output\n";
         $ok = $ok && fileWrite(DOKU_LOCAL.'users.auth.php', $output);
 
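Review bot: The call `$phash->hash_smd5($d['password'])` hard-codes salted MD5 for the admin account. The salt removes the precomputed-table weakness of the old bare `md5()` value, but the hash is still MD5-based and comparatively cheap to guess offline if `users.auth.php` is ever disclosed. If PassHash in this tree offers a slower adaptive scheme (not visible in the hunk), the installer should prefer it; otherwise record the choice next to the call, e.g. `// salted MD5 via PassHash; keep in sync with the scheme the login code verifies`. Separately, the `join(":", ...)` line writes `$d['superuser']`, `$d['fullname']` and `$d['email']` unescaped, so a `:` or a newline in any of them would shift or split the record unless they are validated earlier, which the hunk does not show. The enclosing function starts and ends outside the hunk.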
-- 
GitLab