From: Lynn Stephenson <63118982+lynn-stephenson@users.noreply.github.com>
Date: Sat, 4 Apr 2020 08:06:49 +0000 (+0000)
Subject: Update lostpass.php
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f459a35cf4fe475d505e2eebbc10428adbab959e;p=friendica.git

Update lostpass.php

use CSPRNG for password reset token generation
---

diff --git a/mod/lostpass.php b/mod/lostpass.php
index 2ce396e366..8a1a9f36e5 100644
--- a/mod/lostpass.php
+++ b/mod/lostpass.php
@@ -41,7 +41,7 @@ function lostpass_post(App $a)
 		DI::baseUrl()->redirect();
 	}
 
-	$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
+	$pwdreset_token = Strings::getRandomHex(32);
 
 	$fields = [
 		'pwdreset' => $pwdreset_token,