diff options
-rw-r--r-- | include/user.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/user.php b/include/user.php index 19b9544..f58293e 100644 --- a/include/user.php +++ b/include/user.php @@ -67,7 +67,8 @@ if(myisset('forgot')) /* create temporary password, use the fist 8 letters of a md5 hash */ $TIME = (string) time(); /* to avoid collisions */ - $hash = md5('Anewpassword'.$email.$TIME); + $rndstring = sha1(rand()); /* add some randomness */ + $hash = md5('Anewpassword'.$email.$TIME.$rndstring); $newpw = substr($hash,1,8); $message = sprintf( _("Someone (hopefully you) requested a new password.\n". |