From a18ddd2fe9a920115df580a1ded5b2e33bb12a02 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 27 Feb 2010 15:39:36 -0800
Subject: Add more randomness to reset password mechanism.

---
 modules/user/controllers/password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/user/controllers/password.php')

diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index f5190974..38fa66be 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -52,7 +52,7 @@ class Password_Controller extends Controller {
     $user_name = $form->reset->inputs["name"]->value;
     $user = user::lookup_by_name($user_name);
     if ($user && !empty($user->email)) {
-      $user->hash = md5(rand());
+      $user->hash = md5(uniqid(mt_rand(), true));
       $user->save();
       $message = new View("reset_password.html");
       $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-- 
cgit v1.2.3