authorAndrew Dolgov <[email protected]>2012-01-23 12:20:09 +0400
committerAndrew Dolgov <[email protected]>2012-01-23 12:20:09 +0400
commit098df83ba6a5fb7ea03cb9dfc9f6eca82397fe27 (patch)
treeb5b6c5e972b68ff36344c30382b28b22adb38d5d /register.php
parent8b4fb0d0d6045c9905bea5d427aba8ab28a77dc9 (diff)
fix various password-change related functions
Diffstat (limited to 'register.php')
-rw-r--r--register.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/register.php b/register.php
index 4107a2eac..e75c1c94c 100644
--- a/register.php
+++ b/register.php
@@ -4,7 +4,7 @@
// 1) templates/register_notice.txt - displayed above the registration form
// 2) register_expire_do.php - contains user expiration queries when necessary
- set_include_path(get_include_path() . PATH_SEPARATOR .
+ set_include_path(get_include_path() . PATH_SEPARATOR .
dirname(__FILE__) . "/include");
require_once 'lib/phpmailer/class.phpmailer.php';
@@ -270,11 +270,12 @@
$password = make_password();
- $pwd_hash = encrypt_password($password, $login);
+ $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+ $pwd_hash = encrypt_password($password, $salt, true);
db_query($link, "INSERT INTO ttrss_users
- (login,pwd_hash,access_level,last_login, email, created)
- VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+ (login,pwd_hash,access_level,last_login, email, created, salt)
+ VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
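Review bot: The return value of `openssl_random_pseudo_bytes(125)` on the new `$salt` line is never checked, so if the call fails, `bin2hex()` receives `false` and the account is stored with an empty salt. Pass the second argument and stop before the INSERT on failure, e.g. `$raw = openssl_random_pseudo_bytes(125, $strong);` followed by `if ($raw === false || !$strong) { /* abort registration */ }`. The `substr(..., 0, 250)` is a no-op, because 125 bytes always hex-encode to exactly 250 characters. The INSERT still interpolates `$login` and `$email` into the SQL string; any escaping happens outside this hunk, so confirm it where those values are read. The enclosing block starts and ends outside the hunk.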