author | Andrew Dolgov <[email protected]> | 2012-01-23 12:20:09 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-01-23 12:20:09 +0400 |
commit | 098df83ba6a5fb7ea03cb9dfc9f6eca82397fe27 (patch) | |
tree | b5b6c5e972b68ff36344c30382b28b22adb38d5d /register.php | |
parent | 8b4fb0d0d6045c9905bea5d427aba8ab28a77dc9 (diff) |
fix various password-change related functions
Diffstat (limited to 'register.php')
-rw-r--r-- | register.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/register.php b/register.php
index 4107a2eac..e75c1c94c 100644
--- a/register.php
+++ b/register.php
@@ -4,7 +4,7 @@
 // 1) templates/register_notice.txt - displayed above the registration form
 // 2) register_expire_do.php - contains user expiration queries when necessary
- set_include_path(get_include_path() . PATH_SEPARATOR .
+ set_include_path(get_include_path() . PATH_SEPARATOR .
 dirname(__FILE__) . "/include");
 require_once 'lib/phpmailer/class.phpmailer.php';
@@ -270,11 +270,12 @@
 $password = make_password();
- $pwd_hash = encrypt_password($password, $login);
+ $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);
+ $pwd_hash = encrypt_password($password, $salt, true);
 db_query($link, "INSERT INTO ttrss_users
- (login,pwd_hash,access_level,last_login, email, created)
- VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+ (login,pwd_hash,access_level,last_login, email, created, salt)
+ VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
 $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); |
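Review bot: The result of `openssl_random_pseudo_bytes(125)` on the new `$salt` line is used unchecked, so if the call fails or reports a non-cryptographic source the account is stored with an empty or weak salt and nothing signals it. Pass the second argument and stop the registration on failure, e.g. `$raw = openssl_random_pseudo_bytes(125, $strong);` then `if ($raw === false || !$strong) { /* abort the registration */ }`, and build `$salt` from `bin2hex($raw)`; the `substr(..., 0, 250)` is a no-op because 125 bytes always hex-encode to exactly 250 characters. `$login` and `$email` are still interpolated directly into the INSERT, and whether they are escaped is decided above this hunk, so that is worth confirming while this statement is being touched. The surrounding registration block starts and ends outside the hunk.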