WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make reset passwords use the same randomness we do in install.php. Hat tip: swoolley. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
saxmatt 2004-12-22 02:41:32 +00:00
parent e8c764b1ae
commit fd72d4e4d9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wp-login.php
View File

@ -80,7 +80,7 @@ case 'retrievepassword':
die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.'), 'wp-login.php?action=lostpassword'));
// Generate something random for a password... md5'ing current time with a rand salt
$user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
$user_pass = substr(md5(uniqid(microtime())), 0, 6);
// now insert the new pass md5'd into the db
$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
$message = __('Login') . ": $user_login\r\n";