From fca4b445ba9fd3ca6abdd7c08a59e25b817c537b Mon Sep 17 00:00:00 2001
From: Arun Persaud
Date: Sun, 10 Apr 2016 11:42:28 -0700
Subject: BUGFIX: fix password for password recovery (was not random enough)

The password was just a constant string, the email, and the current time. Therefore, someone could just request a new password and even without getting the email, just try out different time stamps around the time the person requested the email and recover the temporary password.

Added a random string to generate the password, which should fix this.
---
 include/user.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/user.php b/include/user.php
index 19b9544..f58293e 100644
--- a/include/user.php
+++ b/include/user.php
@@ -67,7 +67,8 @@ if(myisset('forgot'))
     /* create temporary password, use the fist 8 letters of a md5 hash */
     $TIME = (string) time(); /* to avoid collisions */
-    $hash = md5('Anewpassword'.$email.$TIME);
+    $rndstring = sha1(rand()); /* add some randomness */
+    $hash = md5('Anewpassword'.$email.$TIME.$rndstring);
     $newpw = substr($hash,1,8);
     $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
-- cgit v1.2.3-18-g5258
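Review bot: `sha1(rand())` on the first added line does not make the temporary password unpredictable: `rand()` is a seeded, non-cryptographic generator (the libc PRNG before PHP 7.1, an alias of `mt_rand()` from 7.1 on), and running its output through sha1 adds no entropy, so an attacker who can recover or brute-force the generator state can still enumerate candidate passwords much as the commit message describes for the timestamp. The random input should come from a CSPRNG instead, e.g. `$rndstring = bin2hex(random_bytes(16)); /* CSPRNG, PHP >= 7 (or random_compat) */`, or on a PHP 5 deployment `openssl_random_pseudo_bytes(16, $strong)` with `$strong` checked before use. Note also that the unchanged `$newpw = substr($hash,1,8);` below keeps the password at 8 hex characters (at most 32 bits), so no amount of input randomness raises its strength beyond that, and the temporary password should be treated as short-lived. The enclosing `if(myisset('forgot'))` block begins and ends outside the hunk, so whether the recovery flow is rate-limited or the password expires cannot be judged from here.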