
Add more randomness to reset password mechanism.

1 parent d9707ae commit a18ddd2fe9a920115df580a1ded5b2e33bb12a02 @andyst andyst committed Feb 27, 2010
Showing with 1 addition and 1 deletion.
  1. +1 −1 modules/user/controllers/password.php
@@ -52,7 +52,7 @@ private function _send_reset($form) {
$user_name = $form->reset->inputs["name"]->value;
$user = user::lookup_by_name($user_name);
if ($user && !empty($user->email)) {
- $user->hash = md5(rand());
+ $user->hash = md5(uniqid(mt_rand(), true));
$user->save();
$message = new View("reset_password.html");
$message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
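Review bot: The new token on the `$user->hash` line is still derived from non-cryptographic sources: `mt_rand()` is a seeded Mersenne Twister, and `uniqid(..., true)` contributes only the current time in microseconds plus output from PHP's internal LCG, so wrapping them in `md5()` hides the inputs without adding entropy. Because this value is the only secret in the `password/do_reset?key=` link, it should come from the OS CSPRNG, e.g. `$user->hash = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes that have the OpenSSL extension. The hunk does not show whether the stored hash expires or is cleared after a successful reset; if it is not, that is worth adding alongside this change, together with a constant-time comparison of the submitted key. `_send_reset` starts above and continues below the hunk, so the mail-sending and error paths were not reviewed.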
