From 1c2c52651acaac9cb2b07b669ad35d2465fc5924 Mon Sep 17 00:00:00 2001
From: psychon <psychon@726aef4b-f618-498e-8847-2d620e286838>
Date: Sun, 20 Jul 2008 15:06:33 +0000
Subject: [PATCH] Make webadmin generate salted passwords, too

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1139 726aef4b-f618-498e-8847-2d620e286838
---
 Utils.cpp            | 9 +++++++--
 Utils.h              | 3 ++-
 modules/webadmin.cpp | 4 +++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/Utils.cpp b/Utils.cpp
index 8aea3a76..e01f39dc 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -189,8 +189,9 @@ CString CUtils::GetHashPass() {
 	return "";
 }
 
-CString CUtils::GetSaltedHashPass(CString& sSalt, unsigned int uiSaltLength) {
-	sSalt = CString::RandomString(uiSaltLength);
+CString CUtils::GetSaltedHashPass(CString& sSalt) {
+	sSalt = GetSalt();
+	unsigned int uiSaltLength = sSalt.length();
 	const char *pSalt = sSalt.c_str();
 
 	while (true) {
@@ -232,6 +233,10 @@ CString CUtils::GetSaltedHashPass(CString& sSalt, unsigned int uiSaltLength) {
 	return "";
 }
 
+CString CUtils::GetSalt() {
+	return CString::RandomString(20);
+}
+
 char* CUtils::GetPass(const CString& sPrompt) {
 	PrintPrompt(sPrompt);
 	return getpass("");
diff --git a/Utils.h b/Utils.h
index 78daacff..030355d1 100644
--- a/Utils.h
+++ b/Utils.h
@@ -52,7 +52,8 @@ public:
 	static void PrintAction(const CString& sMessage);
 	static void PrintStatus(bool bSuccess, const CString& sMessage = "");
 	static CString GetHashPass();
-	static CString GetSaltedHashPass(CString& sSalt, unsigned int uiSaltLength = 20);
+	static CString GetSaltedHashPass(CString& sSalt);
+	static CString GetSalt();
 	static char* GetPass(const CString& sPrompt);
 	static bool GetInput(const CString& sPrompt, CString& sRet, const CString& sDefault = "", const CString& sHint = "");
 	static bool GetBoolInput(const CString& sPrompt, bool bDefault);
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp
index 40ad5b63..d083be9d 100644
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -1023,7 +1023,9 @@ CUser* CWebAdminSock::GetNewUser(CString& sPageRet, CUser* pUser) {
 	}
 
 	if (!sArg.empty()) {
-		pNewUser->SetPass(sArg.MD5(), true);
+		CString sSalt = CUtils::GetSalt();
+		CString sSaltedPass = sArg + sSalt;
+		pNewUser->SetPass(sSaltedPass.MD5(), true, sSalt);
 	}
 
 	VCString vsArgs;