diff options
author | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-04 12:50:49 +0000 |
---|---|---|
committer | ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-02-04 12:50:49 +0000 |
commit | f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db (patch) | |
tree | 469698eb679b05dd502567cffeebd11b360af1ee | |
parent | 4f121eefd2c13defbc7b29077cdb9a6dace7c5bb (diff) | |
download | elgg-f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db.tar.gz elgg-f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db.tar.bz2 |
When a new password is generated, the salt is now regenerated first. Fixes #726.
git-svn-id: https://code.elgg.org/elgg/trunk@2637 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | engine/lib/users.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/engine/lib/users.php b/engine/lib/users.php index 6dabbc9d2..baf3b5950 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -964,8 +964,8 @@ if ($user)
{
- $hash = generate_user_password($user, $password); - $salt = generate_random_cleartext_password(); // Reset the salt
+ $salt = generate_random_cleartext_password(); // Reset the salt
+ $hash = generate_user_password($user, $password);
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
}
|