From fd72d4e4d9fc0a25eee77f080f73d7be1646de25 Mon Sep 17 00:00:00 2001
From: saxmatt
Date: Wed, 22 Dec 2004 02:41:32 +0000
Subject: [PATCH] Make reset passwords use the same randomness we do in install.php. Hat tip: swoolley.
git-svn-id: http://svn.automattic.com/wordpress/trunk@1990 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/wp-login.php b/wp-login.php
index b2ceed9b9..e127754c0 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -80,7 +80,7 @@ case 'retrievepassword':
 die(sprintf(__('Sorry, that user does not seem to exist in our database. Perhaps you have the wrong username or e-mail address? Try again.'), 'wp-login.php?action=lostpassword'));
 // Generate something random for a password... md5'ing current time with a rand salt
- $user_pass = substr( MD5('time' . rand(1, 16000) ), 0, 6);
+ $user_pass = substr(md5(uniqid(microtime())), 0, 6);
 // now insert the new pass md5'd into the db
 $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$user_pass') WHERE user_login = '$user_login'");
 $message = __('Login') . ": $user_login\r\n";
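Review bot: The new `$user_pass` line still derives the reset password from the clock rather than from a cryptographically secure source, and `substr(..., 0, 6)` keeps only six hex characters (about 24 bits), so the value is predictable in principle and small enough to guess. `uniqid()` is time-based and documented as unsuitable for security purposes, and passing it through `md5()` adds no entropy. On a runtime that provides a CSPRNG, prefer something like `$user_pass = bin2hex(random_bytes(8));` and update the comment above it, which still describes "md5'ing current time with a rand salt". Separately, the unchanged `UPDATE` below interpolates `$user_login` into the SQL string and stores an unsalted MD5 of the password; whether `$user_login` is escaped cannot be seen here, because the `case 'retrievepassword':` branch starts and continues outside the hunk.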