make sure we've ran our own random seeder before using mt_rand

[squirrelmail.git] / plugins / change_password / backend / ldap.php

diff --git a/plugins/change_password/backend/ldap.php b/plugins/change_password/backend/ldap.php
index d325cb3cf84ff6c21d2c273f5a8e64959952a572..a947ba0dd90d41b9cd167de095d668464fbc09bf 100644 (file)
--- a/plugins/change_password/backend/ldap.php
+++ b/plugins/change_password/backend/ldap.php
@@ -554,6 +554,7 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {

+                sq_mt_randomize();

                 $salt = mhash_keygen_s2k( MHASH_MD5, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SMD5}".base64_encode( mhash( MHASH_MD5, $pass.$salt ).$salt );
                 $salt = mhash_keygen_s2k( MHASH_MD5, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SMD5}".base64_encode( mhash( MHASH_MD5, $pass.$salt ).$salt );


@@ -594,6 +595,7 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') {
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {
             if ($forced_salt!='') {
                 $salt=$forced_salt;
             } else {

+                sq_mt_randomize();

                 $salt = mhash_keygen_s2k( MHASH_SHA1, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $pass.$salt ).$salt );
                 $salt = mhash_keygen_s2k( MHASH_SHA1, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 );
             }
             $ret = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $pass.$salt ).$salt );