From 25e48e54df60b3df6efa365daceb3a8966c8f427 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Fri, 31 May 2013 14:43:31 +0200
Subject: make password reset token completely random

No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (random) independent from each other.

Conflicts:
	inc/auth.php
---
 inc/auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/auth.php')

diff --git a/inc/auth.php b/inc/auth.php
index 0f3dc8b46..6107645cd 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -1007,7 +1007,7 @@ function act_resendpwd() {
         }
 
         // generate auth token
-        $token = md5(auth_cookiesalt().$user); //secret but user based
+        $token = md5(uniqid(mt_rand(), true)); // random secret
         $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth';
         $url   = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&');
 
-- 
cgit v1.2.3