Update lostpass.php
use CSPRNG for password reset token generation
This commit is contained in:
parent
efd549d466
commit
f459a35cf4
1 changed files with 1 additions and 1 deletions
|
@ -41,7 +41,7 @@ function lostpass_post(App $a)
|
||||||
DI::baseUrl()->redirect();
|
DI::baseUrl()->redirect();
|
||||||
}
|
}
|
||||||
|
|
||||||
$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
|
$pwdreset_token = Strings::getRandomHex(32);
|
||||||
|
|
||||||
$fields = [
|
$fields = [
|
||||||
'pwdreset' => $pwdreset_token,
|
'pwdreset' => $pwdreset_token,
|
||||||
|
|
Loading…
Reference in a new issue