fix: Do not publish the secret password of register_bot

2018-03-06 18:25:20 +01:00
parent 8e50ae1bbd
commit cd239847ed

@@ -1,4 +1,4 @@
<?php
<?php
require_once("config.php");
if (!isset($config["databaseURI"])) {
throw new Exception ("malformed configuration: databaseURI not defined");
@@ -72,7 +72,7 @@ class mxDatabase
if (!$this->userRegistered("register_bot")) {
$password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
$config["register_password"] = $password;
$myfile = fopen("config.json", "w");
$myfile = fopen(dirname(__FILE__) . "/config.json", "w");
fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
fclose($myfile);
}
@@ -101,28 +101,28 @@ class mxDatabase
function setRegistrationStateVerify($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE verify_token = "' . $token . '";';
return $this->db->exec($sql);
}
function setRegistrationStateById($state, $id) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE id = "' . $id . '";';
return $this->db->exec($sql);
}
function setRegistrationStateAdmin($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. ' WHERE admin_token = "' . $token . '";';
return $this->db->exec($sql);
}
function setRegistrationState($state, $token) {
$sql = "UPDATE registrations SET state = " . $state
. " WHERE verify_token = \"" . $token . '" OR admin_token = "' . $token . '";';
return $this->db->exec($sql);
}
@@ -152,7 +152,7 @@ class mxDatabase
* @param note Note the user typed in to give a hint
* @param email E-Mail-Adress which will be stored into the database.
* This will be send to the server on first login
*
*
* @return ["verify_token"]
*/
function addRegistration($first_name, $last_name, $username, $note, $email) {
@@ -164,7 +164,7 @@ class mxDatabase
require_once("language.php");
throw new Exception($language["USERNAME_REGISTERED"] . " (registered)");
}
$verify_token = bin2hex(random_bytes(16));
$admin_token = bin2hex(random_bytes(16));
@@ -180,7 +180,7 @@ class mxDatabase
/**
* Gets the user for the verify_admin page.
*
*
* @return ArrayOfUser|NULL Array with "first_name, last_name, username, note and email"
* as members
*/
@@ -205,7 +205,7 @@ class mxDatabase
/**
* Gets the user when it opens the page to verify its mail
*
*
* @return ArrayOfUser|NULL Array with "first_name, last_name, note, email and admin_token"
* as members
*/
@@ -253,11 +253,11 @@ class mxDatabase
* @param username the future localpart of that user
* @param email E-Mail-Adress which will be stored into the database.
* This will be send to the server on first login
*
*
* @return password|NULL with member password as this method generates a
* password and saves that into the database
* NULL when failed
*
*
*/
function addUser($first_name, $last_name, $username, $email) {
// check if user already exists and abort in that case
@@ -272,7 +272,7 @@ class mxDatabase
$sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES "
. '("' . $first_name.'","' . $last_name . '","' . $username . '","'
. $password_hash . '","' . $email . '")';
if ($this->db->exec($sql)) {
return $password;
}
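Review bot: The four setRegistrationState* methods in the @@ -101 hunk and the INSERT in addUser in the @@ -272 hunk build their SQL by concatenating `$state`, `$token`, `$id` and the name/e-mail fields directly into the statement, so any quote character in those values is parsed as SQL rather than data. The tokens presumably arrive from verification links, which would make this reachable with request-supplied input. Assuming `$this->db` is a PDO handle (it is only visible through `exec()` here), bind the values instead: `$stmt = $this->db->prepare('UPDATE registrations SET state = ? WHERE verify_token = ?'); $stmt->execute([$state, $token]); return $stmt->rowCount();`. Returning `rowCount()` keeps the affected-row count that callers of `exec()` may rely on. addUser starts before and continues past its hunk, so applying the same change there needs the surrounding lines checked.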