Update lostpass.php

use CSPRNG for password reset token generation
This commit is contained in:
Lynn Stephenson 2020-04-04 08:06:49 +00:00 committed by GitHub
parent efd549d466
commit f459a35cf4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -41,7 +41,7 @@ function lostpass_post(App $a)
DI::baseUrl()->redirect(); DI::baseUrl()->redirect();
} }
$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999); $pwdreset_token = Strings::getRandomHex(32);
$fields = [ $fields = [
'pwdreset' => $pwdreset_token, 'pwdreset' => $pwdreset_token,