From 3913d28de7482d5b52ee6497d6d15d1fcf7b8d1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Sun, 27 Nov 2005 21:06:17 +0000
Subject: [PATCH] better blowfish secret generation

---
 scripts/setup.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/setup.php b/scripts/setup.php
index aeb39d9c0..08e8864cb 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -970,8 +970,7 @@ switch ($action) {
                 $show_info = TRUE;
                 if ($new_server['auth_type'] == 'cookie' && empty($cfg['blowfish_secret'])) {
                     message('notice', 'You did not have configured blowfish secret and you want to use cookie authentication so I generated blowfish secret for you. It is used to encrypt cookies.', 'Blowfist secret generated');
-                    // FIXME: Find better way:
-                    $cfg['blowfish_secret'] = '' . rand();
+                    $cfg['blowfish_secret'] = uniqid('', TRUE);
                 }
             }
             unset($new_server);