projects
/
e-DoKo.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix error when language is not set
[e-DoKo.git]
/
include
/
user.php
diff --git
a/include/user.php
b/include/user.php
index 19b95440e32edfb4cb2f1e65c49d123873b34b63..5142918fbb9188dd564831c82d377cf6577a8d45 100644
(file)
--- a/
include/user.php
+++ b/
include/user.php
@@
-1,5
+1,5
@@
<?php
<?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014
, 2016
Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
*
* This file is part of e-DoKo.
*
@@
-67,7
+67,8
@@
if(myisset('forgot'))
/* create temporary password, use the fist 8 letters of a md5 hash */
$TIME = (string) time(); /* to avoid collisions */
/* create temporary password, use the fist 8 letters of a md5 hash */
$TIME = (string) time(); /* to avoid collisions */
- $hash = md5('Anewpassword'.$email.$TIME);
+ $rndstring = sha1(rand()); /* add some randomness */
+ $hash = md5('Anewpassword'.$email.$TIME.$rndstring);
$newpw = substr($hash,1,8);
$message = sprintf( _("Someone (hopefully you) requested a new password.\n".
$newpw = substr($hash,1,8);
$message = sprintf( _("Someone (hopefully you) requested a new password.\n".