Make reset passwords use the same randomness we do in install.php. Hat tip: swoolley.

git-svn-id: http://svn.automattic.com/wordpress/trunk@1990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2004-12-22 02:41:32 +00:00 · 2004-12-22 02:41:32 +00:00 · fd72d4e4d9
parent e8c764b1ae
commit fd72d4e4d9
1 changed files with 1 additions and 1 deletions
--- a/wp-login.php
+++ b/wp-login.php
@ -80,7 +80,7 @@ case 'retrievepassword':
 		die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? <a href="%s">Try again</a>.'), 'wp-login.php?action=lostpassword'));

 	// Generate something random for a password... md5'ing current time with a rand salt
-	$user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
+	$user_pass = substr(md5(uniqid(microtime())), 0, 6);
 	// now insert the new pass md5'd into the db
 	$wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
 	$message  = __('Login') . ": $user_login\r\n";