author | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
commit | 782d1155c62c0a879bf587c7e40c3a13bcf6879c (patch) | |
tree | 380060c81a7ebd76870cfd7fb566933b3a7c6efd /modules/user | |
parent | bf704d6ffe55d66a440a55a9d43e8846d46d2440 (diff) | |
Drupal 7.24
Diffstat (limited to 'modules/user')
-rw-r--r-- | modules/user/user.module | 6 | ||||
-rw-r--r-- | modules/user/user.pages.inc | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 512420706..7227a1e74 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -717,10 +717,14 @@ function user_password($length = 10) {
 // Loop the number of times specified by $length.
 for ($i = 0; $i < $length; $i++) {
+ do {
+ // Find a secure random number within the range needed.
+ $index = ord(drupal_random_bytes(1));
+ } while ($index > $len);
 // Each iteration, pick a random character from the
 // allowable string and append it to the password:
- $pass .= $allowable_characters[mt_rand(0, $len)];
+ $pass .= $allowable_characters[$index];
 }
 return $pass;
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index 4cdbc40fa..c14548cf4 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -137,7 +137,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
 watchdog('user', 'User %name used one-time login link at time %timestamp.', array('%name' => $account->name, '%timestamp' => $timestamp));
 drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
 // Let the user's password be changed without the current password check.
- $token = drupal_hash_base64(drupal_random_bytes(55));
+ $token = drupal_random_key();
 $_SESSION['pass_reset_' . $user->uid] = $token;
 drupal_goto('user/' . $user->uid . '/edit', array('query' => array('pass-reset-token' => $token)));
 } |
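Review bot: The comment inside the new `do { … } while ($index > $len);` loop in user_password() does not say why out-of-range bytes are discarded rather than reduced with a modulo, and a later maintainer may "simplify" it and bring back a biased character distribution. I would replace it with `// Discard bytes above $len instead of taking a modulo, so each character stays equally likely; this needs $len <= 255.` The second half matters because a single byte can never produce an index above 255, so a longer `$allowable_characters` string would silently lose its tail. `$len` and the character list are defined outside this hunk, so the zero-based meaning of `$len` is assumed from the old `mt_rand(0, $len)` call.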
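Review bot: In user_pass_reset(), `drupal_random_key()` is called with no argument, so the strength of the password-reset bypass token now depends on that helper's default byte count instead of a number a reader can see here, as the old `drupal_random_bytes(55)` was. Passing the count explicitly, or extending the comment to `// Session-bound random token; lets the password be changed without the current password check.`, would keep the intent visible at the call site. The token is also sent in the redirect query string, so it can end up in access logs and Referer headers. Its safety therefore rests on the `$_SESSION['pass_reset_' . $user->uid]` binding and on how the edit form compares and discards it, and that code is outside this hunk.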