diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:29:08 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2013-05-31 09:29:08 +0200 |
| commit | 8fcfc7abfd65ccd920753bee341c6bfdebcecd99 (patch) | |
| tree | 03738390a43fcfe892b503a93d5f59aa9fb67c00 /inc | |
| parent | a132f948f22ae344760ee3da82f9f92cf0f18b7b (diff) | |
| download | rpg-8fcfc7abfd65ccd920753bee341c6bfdebcecd99.tar.gz rpg-8fcfc7abfd65ccd920753bee341c6bfdebcecd99.tar.bz2 | |
use HMAC in password reset token FS#2794
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/auth.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/inc/auth.php b/inc/auth.php index af9f35b38..dac67bcb7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -993,7 +993,7 @@ function act_resendpwd() { } // generate auth token - $token = md5(auth_cookiesalt().$user); //secret but user based + $token = PassHash::hmac('md5', $user, auth_cookiesalt()); //secret but user based $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; $url = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&'); |