Make the token really random

author Tom Needham <needham.thomas@gmail.com>

Wed, 4 Apr 2012 13:17:03 +0000 (13:17 +0000)

committer Tom Needham <needham.thomas@gmail.com>

Wed, 4 Apr 2012 13:18:02 +0000 (13:18 +0000)
author Tom Needham <needham.thomas@gmail.com>
Wed, 4 Apr 2012 13:17:03 +0000 (13:17 +0000)
committer Tom Needham <needham.thomas@gmail.com>
Wed, 4 Apr 2012 13:18:02 +0000 (13:18 +0000)
diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php

index 9529c0c957c30daed02239ea92f7dd0f46082efc..a9b7d10804feb3670a631c75c37183417fa9978e 100644 (file)
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -12,7 +12,7 @@ require_once('../../lib/base.php');
  // Someone lost their password:
  if (isset($_POST['user'])) {
         if (OC_User::userExists($_POST['user'])) {
-               $token = sha1($_POST['user'].uniqId());
+               $token = sha1($_POST['user'].md5(uniqid(rand(), true)));
                 OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
                 $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
                 if (!empty($email)) {
author	Tom Needham <needham.thomas@gmail.com>
	Wed, 4 Apr 2012 13:17:03 +0000 (13:17 +0000)
committer	Tom Needham <needham.thomas@gmail.com>
	Wed, 4 Apr 2012 13:18:02 +0000 (13:18 +0000)