install/includes/payload.php
changeset 801 eb8b23f11744
parent 685 17ebe24cdf85
child 819 7ef806a90d44
--- a/install/includes/payload.php	Sat Jan 03 18:11:18 2009 -0500
+++ b/install/includes/payload.php	Sun Jan 04 00:55:40 2009 -0500
@@ -2,7 +2,7 @@
 
 /*
  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
- * Version 1.1.5 (Caoineag alpha 5)
+ * Version 1.1.6 (Caoineag beta 1)
  * Copyright (C) 2006-2008 Dan Fuhry
  * Installation package
  * payload.php - Installer payload (the installation logic)
@@ -96,11 +96,12 @@
     return $sql_parser->parse();
   
   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+  $hmac_secret = hexencode(AESCrypt::randkey(20), '', '');
   
   $site_key = stg_make_private_key();
   $site_key = hexdecode($site_key);
   $admin_pass_clean = stg_password_decode();
-  $admin_pass = $aes->encrypt($admin_pass_clean, $site_key, ENC_HEX);
+  $admin_pass = hmac_sha1($admin_pass_clean, $hmac_secret);
   
   unset($admin_pass_clean); // Security
   
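Review bot: The new `$admin_pass = hmac_sha1($admin_pass_clean, $hmac_secret);` line stores a single-round keyed SHA-1 of the admin password. That is one-way, unlike the reversible AES value it replaces, but it is fast to compute, so the stored value could be guessed offline at high speed if the users table were disclosed. Consider a deliberately slow salted password hash instead: `password_hash()` where the PHP runtime provides it, or an iterated HMAC otherwise, changed together with the login verification code, which is outside this hunk. The `$hmac_secret` line would also benefit from a comment such as `// Per-account salt for hmac_sha1(); randkey() must be a CSPRNG`, since whether `AESCrypt::randkey()` draws from a cryptographically secure source cannot be confirmed from the lines shown. The enclosing function starts and ends outside the hunk, so whether `$aes` and `$site_key` are still needed after this change is not visible here.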
@@ -137,6 +138,7 @@
       'VERSION'              => $installer_version['version'],
       'ADMIN_USER'           => $db->escape($_POST['username']),
       'ADMIN_PASS'           => $admin_pass,
+      'ADMIN_PASS_SALT'      => $hmac_secret,
       'ADMIN_EMAIL'          => $db->escape($_POST['email']),
       'REAL_NAME'            => '', // This has always been stubbed.
       'ADMIN_EMBED_PHP'      => strval(AUTH_DISALLOW),
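Review bot: The value substituted as `'ADMIN_PASS_SALT'` is named `$hmac_secret` where it is generated, but it is presumably written next to the hash it protects, so it works as a salt rather than a secret. Using one name for both, or adding a comment such as `// hex-encoded per-account salt, stored alongside ADMIN_PASS; not confidential`, would stop a later reader from treating it as key material. The SQL template and schema column that consume this new key are not part of this file's diff, so confirm they were updated in the same changeset. The array literal starts and ends outside the hunk.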