diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2010-02-27 15:39:36 -0800 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2010-02-27 15:39:36 -0800 |
| commit | a18ddd2fe9a920115df580a1ded5b2e33bb12a02 (patch) | |
| tree | cf230a64666bb3053113f3acb6f0804a3e2bc9a7 | |
| parent | d9707ae749df2770370dc4eeeeaddda28f092d4d (diff) | |
Add more randomness to reset password mechanism.
| -rw-r--r-- | modules/user/controllers/password.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index f5190974..38fa66be 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -52,7 +52,7 @@ class Password_Controller extends Controller { $user_name = $form->reset->inputs["name"]->value; $user = user::lookup_by_name($user_name); if ($user && !empty($user->email)) { - $user->hash = md5(rand()); + $user->hash = md5(uniqid(mt_rand(), true)); $user->save(); $message = new View("reset_password.html"); $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); |