diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-06 16:19:58 +0400 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-10-06 16:19:58 +0400 |
commit | 375eae1a5c1cd97501e6f2b770ee2b22668a91e1 (patch) | |
tree | c031f25fd7b2a52f4b2cbfb2b0869eb709462ed4 /core | |
parent | ca216b529647f6ee2c9d9756d2cd9d213c149e29 (diff) |
Use openssl_random_pseudo_bytes if available
This is a backport of ef57e92 /cc @DeepDiver1975
Diffstat (limited to 'core')
-rw-r--r-- | core/lostpassword/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php index b32b56fcb39..58ac8f4acc6 100644 --- a/core/lostpassword/index.php +++ b/core/lostpassword/index.php @@ -13,7 +13,7 @@ require_once('../../lib/base.php'); // Someone lost their password: if (isset($_POST['user'])) { if (OC_User::userExists($_POST['user'])) { - $token = sha1($_POST['user'].md5(uniqid(rand(), true))); + $token = hash("sha256", $_POST['user'].OC_Util::generate_random_bytes(10)); OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token); $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) { |