auth_base: choose random password if not supplied by auth module

classes/auth/base.php

@@ -16,10 +16,12 @@ class Auth_Base {
 
 	// Auto-creates specified user if allowed by system configuration
 	// Can be used instead of find_user_by_login() by external auth modules
-	function auto_create_user($login, $password) {
+	function auto_create_user($login, $password = false) {
 		if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
 			$user_id = $this->find_user_by_login($login);
 
+			if (!$password) $password = make_password();
+
 			if (!$user_id) {
 				$login = $this->dbh->escape_string($login);
 				$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);