<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
/* create temporary password, use the fist 8 letters of a md5 hash */
$TIME = (string) time(); /* to avoid collisions */
- $hash = md5('Anewpassword'.$email.$TIME);
+ $rndstring = sha1(rand()); /* add some randomness */
+ $hash = md5('Anewpassword'.$email.$TIME.$rndstring);
$newpw = substr($hash,1,8);
$message = sprintf( _("Someone (hopefully you) requested a new password.\n".