X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Fuser.php;h=5142918fbb9188dd564831c82d377cf6577a8d45;hp=7acf72600a620a3095c4b6ecd304b811784e098b;hb=a83ac7d982fa4f9d49ac3e6dedac8b489f2f7baa;hpb=dd925069d7ffca64f28017ec62e8ebe5abba5d32

diff --git a/include/user.php b/include/user.php
index 7acf726..5142918 100644
--- a/include/user.php
+++ b/include/user.php
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -67,7 +67,8 @@ if(myisset('forgot'))
 
 	    /* create temporary password, use the fist 8 letters of a md5 hash */
 	    $TIME  = (string) time(); /* to avoid collisions */
-	    $hash  = md5('Anewpassword'.$email.$TIME);
+	    $rndstring = sha1(rand()); /* add some randomness */
+	    $hash  = md5('Anewpassword'.$email.$TIME.$rndstring);
 	    $newpw = substr($hash,1,8);
 
 	    $message = sprintf( _("Someone (hopefully you) requested a new password.\n".
@@ -331,7 +332,7 @@ else
 	for($i=0;$i<7;$i++)
 	  {
 	    echo '<img class="gravatar" title="'.$names[$i].
-	      '" src="http://www.gravatar.com/avatar/'.
+	      '" src="https://www.gravatar.com/avatar/'.
 	      md5(strtolower(trim($emails[$i])))."?d=identicon\" />\n";
 	  }
 	echo "</p>\n";