Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Do not store salt when generating new password

master release/1.1.0
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent a699bf2dee
commit 8474763bd2
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pages/users.php
View File

@ -17,15 +17,11 @@
if(@$_REQUEST['action'] == 'genpw' && @$_REQUEST['userid'] != '') if(@$_REQUEST['action'] == 'genpw' && @$_REQUEST['userid'] != '')
{ {
$SALT = md5(rand(1111, 9999));
$NEWPW = generateRandomString(10); $NEWPW = generateRandomString(10);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => password_hash($NEWPW, PASSWORD_ARGON2ID), 'PrincipalID' => $_REQUEST['userid']]); $statement->execute(['PasswordHash' => password_hash($NEWPW, PASSWORD_ARGON2ID), 'PrincipalID' => $_REQUEST['userid']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordSalt = :passwordSalt WHERE UUID = :PrincipalID');
$statement->execute(['passwordSalt' => $SALT, 'PrincipalID' => $_REQUEST['userid']]);
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($RUNTIME['OPENSIM']->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist <b>'.htmlspecialchars($NEWPW).'</b></div>'); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($RUNTIME['OPENSIM']->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist <b>'.htmlspecialchars($NEWPW).'</b></div>');
} }