From: Lynn Stephenson <63118982+lynn-stephenson@users.noreply.github.com> Date: Sat, 4 Apr 2020 08:06:49 +0000 (+0000) Subject: Update lostpass.php X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f459a35cf4fe475d505e2eebbc10428adbab959e;p=friendica.git Update lostpass.php use CSPRNG for password reset token generation --- diff --git a/mod/lostpass.php b/mod/lostpass.php index 2ce396e366..8a1a9f36e5 100644 --- a/mod/lostpass.php +++ b/mod/lostpass.php @@ -41,7 +41,7 @@ function lostpass_post(App $a) DI::baseUrl()->redirect(); } - $pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999); + $pwdreset_token = Strings::getRandomHex(32); $fields = [ 'pwdreset' => $pwdreset_token,