Fix password generation temp file

webadmin/password.php

@@ -8,16 +8,22 @@ if (isset($_POST['submitacceptpassword'])) {
     $username = htmlspecialchars($_POST['myuser']);
     $newpassword = htmlspecialchars($_POST['mypassword']);
 
+    // Get a random temp file name
+    // Note that we don't use the temp file directly because it gets
+    // deleted when out of scope of this function
+    // On this sytem temp files are only stored on a ram disk
     $temp_file = tmpfile();
-    $password_file_path = stream_get_meta_data($temp_file)['uri'];
+    $password_file_path = stream_get_meta_data($temp_file)['uri'].random_int(0,9999);
+    fclose($temp_file);
+
+    $temp_file = fopen($password_file_path, "w") or die("Unable to create temp file");
+    fwrite($temp_file, $username.",".$newpassword);
+    fclose($temp_file);
 
     $password_file = fopen("changepassword.dat", "w") or die("Unable to create changepassword file");
     fwrite($password_file, $password_file_path);
     fclose($password_file);
 
-    fwrite($temp_file, $username.",".$newpassword);
-    fclose($temp_file);
-
     sleep(5);
 
     $output_filename = "password_changed.html";