From 6199209c2c605e23f38e20e0c93c6617cada5d7c Mon Sep 17 00:00:00 2001 From: marcus Date: Tue, 13 Jan 2009 12:36:35 +0000 Subject: Closes #675: Salt changed during password reset git-svn-id: https://code.elgg.org/elgg/trunk@2562 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/users.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'engine/lib') diff --git a/engine/lib/users.php b/engine/lib/users.php index fc8961baa..360c2c5e8 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -964,9 +964,10 @@ if ($user) { - $hash = generate_user_password($user, $password); + $hash = generate_user_password($user, $password); + $salt = generate_random_cleartext_password(); // Reset the salt - return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid"); + return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid"); } } -- cgit v1.2.3