Update lostpass.php

use CSPRNG for password reset token generation
This commit is contained in:
Lynn Stephenson 2020-04-04 08:06:49 +00:00 committed by GitHub
parent efd549d466
commit f459a35cf4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -41,7 +41,7 @@ function lostpass_post(App $a)
DI::baseUrl()->redirect();
}
$pwdreset_token = Strings::getRandomName(12) . random_int(1000, 9999);
$pwdreset_token = Strings::getRandomHex(32);
$fields = [
'pwdreset' => $pwdreset_token,