Encrypted passwords for AMP users
Brought to you by:
agillis
The passwords for the AMP admin users are stored in the
database in plaintext. Changing this requires two very
small changes:
In /var/www/html/admin/functions.inc.php
Change line 122 from:
return ($this->_password === $password);
to:
return ($this->_password === md5($password));
In /var/www/html/admin/modules/core/functions.inc.php
Change line 345 from:
$sql .= "'".$password."',";
to:
$sql .= "md5('".$password."'),";
If you already have users set up, you can also encrypt
all of their passwords by running the following in
phpMyAdmin:
update ampusers set password = md5(password);
This would be a very simple and beneficial change to
make to the Trixbox release.
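
Added example, not part of the original ticket or the AMP/Trixbox code: the same two changes done with PHP's password_hash() and password_verify() rather than unsalted md5(), accepting rows that are still plaintext or already MD5-converted and upgrading them at the next successful login. The function names are hypothetical, the sample rows are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Added example; function names are hypothetical, not from the AMP code base.

// Insert-side change: hash in PHP and store the result instead of md5().
// The password column must be wide enough (the PHP manual suggests 255 chars).
function amp_hash_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Comparison-side change.
// Returns [login ok?, new hash to write back to the row, or null].
function amp_check_password(string $stored, string $supplied): array
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        // Row already upgraded: salted, deliberately slow hash.
        $ok = password_verify($supplied, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
    } elseif (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Row converted by "update ampusers set password = md5(password)".
        // A plaintext password that is itself 32 hex chars would land here.
        $ok = hash_equals($stored, md5($supplied));
        $rehash = $ok;
    } else {
        // Row still in plaintext.
        $ok = hash_equals($stored, $supplied);
        $rehash = $ok;
    }
    return [$ok, $rehash ? amp_hash_password($supplied) : null];
}

// Constructed sample logins: [stored column value, password typed by the user].
$logins = [
    ['secret1', 'secret1'],                      // plaintext row
    [md5('secret2'), 'secret2'],                 // MD5-converted row
    [amp_hash_password('secret3'), 'secret3'],   // upgraded row
    [md5('secret2'), md5('secret2')],            // stored hash typed as the password
];
foreach ($logins as [$stored, $supplied]) {
    [$ok, $new] = amp_check_password($stored, $supplied);
    printf("%-4s write-back=%s\n", $ok ? 'ok' : 'fail', $new === null ? 'no' : 'yes');
}
```

When the second return value is not null, the caller writes it back to the user's row so the legacy value is replaced.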