diff options
| author | Tom Needham <needham.thomas@gmail.com> | 2012-04-04 13:17:03 +0000 |
|---|---|---|
| committer | Tom Needham <needham.thomas@gmail.com> | 2012-04-04 13:18:02 +0000 |
| commit | 85f9869f6925ef52c1015916bbc28e13c15abc73 (patch) | |
| tree | 06f219b54a25364d8a1a352138da48d079086218 | |
| parent | 60e3b563e26478eab257413b5cac9b3f619570ac (diff) | |
| download | nextcloud-server-85f9869f6925ef52c1015916bbc28e13c15abc73.tar.gz nextcloud-server-85f9869f6925ef52c1015916bbc28e13c15abc73.zip | |
Make the token really random
| -rw-r--r-- | core/lostpassword/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php index 9529c0c957c..a9b7d10804f 100644 --- a/core/lostpassword/index.php +++ b/core/lostpassword/index.php @@ -12,7 +12,7 @@ require_once('../../lib/base.php'); // Someone lost their password: if (isset($_POST['user'])) { if (OC_User::userExists($_POST['user'])) { - $token = sha1($_POST['user'].uniqId()); + $token = sha1($_POST['user'].md5(uniqid(rand(), true))); OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token); $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); if (!empty($email)) { |