From f5a5a7b37580e6c5fc34d9b4c5729eeb18e5e7db Mon Sep 17 00:00:00 2001
From: ben <ben@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 4 Feb 2009 12:50:49 +0000
Subject: When a new password is generated, the salt is now regenerated first.
 Fixes #726.

git-svn-id: https://code.elgg.org/elgg/trunk@2637 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/users.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'engine/lib/users.php')

diff --git a/engine/lib/users.php b/engine/lib/users.php
index 6dabbc9d2..baf3b5950 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -964,8 +964,8 @@
 			
 			if ($user)
 			{
-				$hash = generate_user_password($user, $password);
-				$salt = generate_random_cleartext_password(); // Reset the salt 
+				$salt = generate_random_cleartext_password(); // Reset the salt
+				$hash = generate_user_password($user, $password);
 				
 				return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
 			}
-- 
cgit v1.2.3