diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-06-02 11:18:19 -0700 |
| commit | 007becf8ef443a6da5c94e5d53cf4e92cb4b44cc (patch) | |
| tree | 5caa4ab839cf9f91c31767b6b4ec1148724dfc5f /inc/auth.php | |
| parent | b9cf8ad44bcbbbded9d6e991f96b0d5f36310a9b (diff) | |
| parent | 183a7b8845875e4a6b67e466cfff9f5163da3f17 (diff) | |
| download | rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.gz rpg-007becf8ef443a6da5c94e5d53cf4e92cb4b44cc.tar.bz2 | |
Merge pull request #226 from splitbrain/hmac
Implement HMAC for signature tokens
Diffstat (limited to 'inc/auth.php')
| -rw-r--r-- | inc/auth.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php index af9f35b38..1f8489f03 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -993,7 +993,7 @@ function act_resendpwd() { } // generate auth token - $token = md5(auth_cookiesalt().$user); //secret but user based + $token = md5(uniqid(mt_rand(), true)); // random secret $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; $url = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&'); |