]> git.mxchange.org Git - friendica.git/blobdiff - mod/lostpass.php
projects / friendica.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #8883 from annando/replace-getdetails
[friendica.git] / mod / lostpass.php
diff --git a/mod/lostpass.php b/mod/lostpass.php
index 2ce396e36606610e585c7bdd40bb103040d6a372..211477b0dbd252b12322e2521b7456592194e292 100644 (file)
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -41,10 +41,10 @@ function lostpass_post(App $a)
                DI::baseUrl()->redirect();
        }
 
-       $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+       $pwdreset_token = Strings::getRandomHex(32);
 
        $fields = [
-               'pwdreset' => $pwdreset_token,
+               'pwdreset' => hash('sha256', $pwdreset_token),
                'pwdreset_time' => DateTimeFormat::utcNow()
        ];
        $result = DBA::update('user', $fields, ['uid' => $user['uid']]);
@@ -95,7 +95,7 @@ function lostpass_content(App $a)
        if ($a->argc > 1) {
                $pwdreset_token = $a->argv[1];
 
-               $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => $pwdreset_token]);
+               $user = DBA::selectFirst('user', ['uid', 'username', 'nickname', 'email', 'pwdreset_time', 'language'], ['pwdreset' => hash('sha256', $pwdreset_token)]);
                if (!DBA::isResult($user)) {
                        notice(DI::l10n()->t("Request could not be verified. \x28You may have previously submitted it.\x29 Password reset failed."));
 
Unnamed repository; edit this file 'description' to name the repository.