summaryrefslogtreecommitdiffstats
path: root/core/lostpassword/resetpassword.php
diff options
context:
space:
mode:
Diffstat (limited to 'core/lostpassword/resetpassword.php')
-rw-r--r--core/lostpassword/resetpassword.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/lostpassword/resetpassword.php b/core/lostpassword/resetpassword.php
index 28a0063fc64..896c8da76e0 100644
--- a/core/lostpassword/resetpassword.php
+++ b/core/lostpassword/resetpassword.php
@@ -10,7 +10,7 @@ $RUNTIME_NOAPPS = TRUE; //no apps
require_once '../../lib/base.php';
// Someone wants to reset their password:
-if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === $_GET['token']) {
+if(isset($_GET['token']) && isset($_GET['user']) && OC_Preferences::getValue($_GET['user'], 'owncloud', 'lostpassword') === hash("sha256", $_GET['token'])) {
if (isset($_POST['password'])) {
if (OC_User::setPassword($_GET['user'], $_POST['password'])) {
OC_Preferences::deleteKey($_GET['user'], 'owncloud', 'lostpassword');
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-01 12:25:39 +0000