From 22fcdc5f5adf442069aae250abe630e51a2a9c50 Mon Sep 17 00:00:00 2001
From: Mark Crane
Date: Tue, 10 Feb 2015 20:54:03 +0000
Subject: [PATCH] When the user is updated increase the salt length and remove special characters that can cause problems.
---
 core/users/usersupdate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/users/usersupdate.php b/core/users/usersupdate.php
index f99f676afe..2dc2233dc6 100644
--- core/users/usersupdate.php
+++ core/users/usersupdate.php
@@ -286,7 +286,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 }
 if (strlen($password) > 0 && $confirm_password == $password) {
 //salt used with the password to create a one way hash
- $salt = generate_password('20', '4');
+ $salt = uuid();
 //set the password
 $sql .= "password = '".md5($salt.$password)."', ";
 $sql .= "salt = '".$salt."', ";
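Review bot: The new salt still feeds `md5($salt.$password)` two lines below, and one round of salted MD5 is cheap enough to compute that a leaked `password`/`salt` pair offers little resistance to offline guessing, whatever the salt looks like. I would store `password_hash($password, PASSWORD_DEFAULT)` there instead, which generates its own salt; the login check (not visible here) would then need `password_verify()` plus a fallback for rows that still hold MD5 values. The commit message suggests the old salt broke the statement through special characters, which points at the string-built `$sql`; binding the values as statement parameters would remove that problem at the source rather than by constraining the salt alphabet. Whether `uuid()` draws from a cryptographically secure source cannot be told from this hunk, so confirm that if the salt column is kept. The enclosing `if` blocks begin and end outside the hunk.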