diff options
| author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-13 12:36:35 +0000 |
|---|---|---|
| committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-01-13 12:36:35 +0000 |
| commit | 6199209c2c605e23f38e20e0c93c6617cada5d7c (patch) | |
| tree | 84f038808612fb0e9820dbc6743fd88a503fd567 | |
| parent | 10f0f104a921894f7258d7855f5d31828b93a6aa (diff) | |
| download | elgg-6199209c2c605e23f38e20e0c93c6617cada5d7c.tar.gz elgg-6199209c2c605e23f38e20e0c93c6617cada5d7c.tar.bz2 | |
Closes #675: Salt changed during password reset
git-svn-id: https://code.elgg.org/elgg/trunk@2562 36083f99-b078-4883-b0ff-0f9b5a30f544
| -rw-r--r-- | actions/admin/user/resetpassword.php | 1 | ||||
| -rw-r--r-- | engine/lib/users.php | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php index 60d739cf9..34eda5e31 100644 --- a/actions/admin/user/resetpassword.php +++ b/actions/admin/user/resetpassword.php @@ -25,6 +25,7 @@ { $password = generate_random_cleartext_password(); + $obj->salt = generate_random_cleartext_password(); // Reset the salt $obj->password = generate_user_password($obj, $password); if ($obj->save()) diff --git a/engine/lib/users.php b/engine/lib/users.php index fc8961baa..360c2c5e8 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -964,9 +964,10 @@ if ($user)
{
- $hash = generate_user_password($user, $password);
+ $hash = generate_user_password($user, $password); + $salt = generate_random_cleartext_password(); // Reset the salt
- return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
}
}
|