From 66a872ce9c196bc0e1f65441e02350670f81960a Mon Sep 17 00:00:00 2001
From: Steven Roose <stevenroose@gmail.com>
Date: Fri, 7 Aug 2015 21:39:48 +0200
Subject: [PATCH] Truely random secret string

---
 conf/ampache.cfg.php | 3 +--
 scripts/install      | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/conf/ampache.cfg.php b/conf/ampache.cfg.php
index bc3450e..929858a 100644
--- a/conf/ampache.cfg.php
+++ b/conf/ampache.cfg.php
@@ -62,7 +62,7 @@ database_password = "yunopass"
 
 ; Cryptographic secret
 ; This MUST BE changed with your own secret key. Ampache-specific, just pick any random string you want.
-secret_key = "abcdefghijklmnoprqstuvwyz0123456"
+secret_key = "RANDOMKEYTOCHANGE"
 
 ; Length that a session will last expressed in seconds. Default is
 ; one hour.
@@ -984,4 +984,3 @@ force_ssl = "true"
 ; so that the ordering is sane.
 ; DEFAULT: auto
 ;mb_detect_order = "ASCII,UTF-8,EUC-JP,ISO-2022-JP,SJIS,JIS"
-
diff --git a/scripts/install b/scripts/install
index c78524f..401c768 100644
--- a/scripts/install
+++ b/scripts/install
@@ -46,6 +46,8 @@ sudo sed -i "s/yunobase/$db_user/g" $final_path/config/ampache.cfg.php
 sudo sed -i "s/yunoadmin/$admin_ampache/g" /tmp/admin.sql
 sed -i "s@PATHTOCHANGE@$path@g" $final_path/config/ampache.cfg.php
 sed -i "s@DOMAINTOCHANGE@$domain@g" $final_path/config/ampache.cfg.php
+random_key=db_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{24\}\).*/\1/p')
+sed -i "s@RANDOMKEYTOCHANGE@$random_key@g" $final_path/config/ampache.cfg.php
 
 # Set permissions to roundcube directory
 sudo chown -R www-data: $final_path