
Use a random value for the password reset hash to reduce the chances

that it can be guessed by an attacker.
1 parent d987af5 commit 0a66ddd2b4ea676e033102812232dd06644845e7 @bharat bharat committed May 27, 2009
Showing with 1 addition and 2 deletions.
  1. +1 −2 modules/user/controllers/password.php
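--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -54,8 +54,7 @@ private function _send_reset() {
 }
 if ($valid) {
-$user->hash = md5("$user->id; $user->name; $user->full_name; " .
-"$user->login_count; $user->last_login");
+$user->hash = md5(rand());
 $user->save();
 $message = new View("reset_password.html");
 $message->url = url::abs_site("password/do_reset?key=$user->hash");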
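Review bot: `md5(rand())` on the added line still produces a guessable reset key, because `rand()` is a non-cryptographic generator with at most `getrandmax()` distinct outputs and hashing it with MD5 adds no entropy. The key should come from a CSPRNG instead, e.g. `$user->hash = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. The visible lines also store the key as-is and set no expiry, so it is worth confirming elsewhere in the controller that the key is time-limited and cleared after a single use. `_send_reset()` starts and ends outside this hunk, so that handling may already exist out of view.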
