rand() + uniqid() are not from cryptographic quality
parent
578aa4e425
commit
36f1c9b083
|
@ -13,7 +13,7 @@ require_once '../../lib/base.php';
|
||||||
// Someone lost their password:
|
// Someone lost their password:
|
||||||
if (isset($_POST['user'])) {
|
if (isset($_POST['user'])) {
|
||||||
if (OC_User::userExists($_POST['user'])) {
|
if (OC_User::userExists($_POST['user'])) {
|
||||||
$token = sha1($_POST['user'].md5(uniqid(rand(), true)));
|
$token = hash("sha256", $_POST['user'].openssl_random_pseudo_bytes(10, $cstrong));
|
||||||
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
|
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
|
||||||
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
|
||||||
if (!empty($email)) {
|
if (!empty($email)) {
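Review bot: The new `$token` line fills `$cstrong` but nothing visible in the hunk reads it, and the return value of `openssl_random_pseudo_bytes()` is concatenated without a check. On PHP versions where the call can return `false`, or when `$cstrong` comes back false, the reset token degrades toward `hash("sha256", $_POST['user'])`, which depends only on the username. I would generate the bytes on their own line and refuse to issue a token on failure: `$rnd = openssl_random_pseudo_bytes(16, $cstrong);` followed by `if ($rnd === false || !$cstrong) { /* abort the reset, log the failure */ }`, then hash `$_POST['user'].$rnd`. Raising the length from 10 to at least 16 bytes is cheap, and `random_bytes()` is the simpler choice where PHP 7 or later is available, since it throws instead of failing silently. The enclosing `if` blocks continue outside the hunk, so a later check may exist, but the token is already stored on the next visible line.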
|
||||||
|
|