]> git.mxchange.org Git - friendica.git/commitdiff
Update lostpass.php
authorLynn Stephenson <63118982+lynn-stephenson@users.noreply.github.com>
Sat, 4 Apr 2020 08:06:49 +0000 (08:06 +0000)
committerGitHub <noreply@github.com>
Sat, 4 Apr 2020 08:06:49 +0000 (08:06 +0000)
use CSPRNG for password reset token generation

mod/lostpass.php

index 2ce396e36606610e585c7bdd40bb103040d6a372..8a1a9f36e52fb80042eb82e3d750cdd4266de2c7 100644 (file)
@@ -41,7 +41,7 @@ function lostpass_post(App $a)
                DI::baseUrl()->redirect();
        }
 
-       $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+       $pwdreset_token = Strings::getRandomHex(32);
 
        $fields = [
                'pwdreset' => $pwdreset_token,