diff options
| -rw-r--r-- | actions/admin/user/resetpassword.php | 1 | ||||
| -rw-r--r-- | engine/lib/users.php | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php index 60d739cf9..34eda5e31 100644 --- a/actions/admin/user/resetpassword.php +++ b/actions/admin/user/resetpassword.php @@ -25,6 +25,7 @@ { $password = generate_random_cleartext_password(); + $obj->salt = generate_random_cleartext_password(); // Reset the salt $obj->password = generate_user_password($obj, $password); if ($obj->save()) diff --git a/engine/lib/users.php b/engine/lib/users.php index fc8961baa..360c2c5e8 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -964,9 +964,10 @@ if ($user)
{
- $hash = generate_user_password($user, $password);
+ $hash = generate_user_password($user, $password); + $salt = generate_random_cleartext_password(); // Reset the salt
- return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+ return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
}
}
|