Index: wp-login.php =================================================================== --- wp-login.php (revision 6349) +++ wp-login.php (working copy) @@ -110,9 +110,9 @@ do_action('retreive_password', $user_login); // Misspelled and deprecated do_action('retrieve_password', $user_login); - // Generate something random for a password... md5'ing current time with a rand salt + // Generate something random for a key... $key = substr( md5( uniqid( microtime() ) ), 0, 8); - // Now insert the new pass md5'd into the db + // Now insert the new md5 key into the db $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'"); $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; @@ -182,8 +182,8 @@ do_action('password_reset'); - // Generate something random for a password... md5'ing current time with a rand salt - $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7); + // Generate something random for a password... + $new_pass = wp_generate_password(); $wpdb->query("UPDATE $wpdb->users SET user_pass = MD5('$new_pass'), user_activation_key = '' WHERE user_login = '$user->user_login'"); wp_cache_delete($user->ID, 'users'); wp_cache_delete($user->user_login, 'userlogins'); @@ -241,7 +241,7 @@ $errors = apply_filters( 'registration_errors', $errors ); if ( empty( $errors ) ) { - $user_pass = substr( md5( uniqid( microtime() ) ), 0, 7); + $user_pass = wp_generate_password(); $user_id = wp_create_user( $user_login, $user_pass, $user_email ); if ( !$user_id ) Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 6349) +++ wp-includes/pluggable.php (working copy) @@ -700,4 +700,19 @@ } endif; +if ( !function_exists('wp_generate_password') ) : +/** + * Generates a random password drawn from the defined set of characters + * @return string the password + **/ +function wp_generate_password() { + $chars = "abcdefghifjklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + $length = 7; + $password = ""; + for($i=0;$i<$length;$i++){ + $password .= substr($chars,mt_rand(0,strlen($chars)-1),1); + } + return $password; +} +endif; ?> Index: wp-admin/includes/upgrade.php =================================================================== --- wp-admin/includes/upgrade.php (revision 6349) +++ wp-admin/includes/upgrade.php (working copy) @@ -35,7 +35,7 @@ // being shared among blogs. Just set the role in that case. $user_id = username_exists($user_name); if ( !$user_id ) { - $random_password = substr(md5(uniqid(microtime())), 0, 6); + $random_password = wp_generate_password(); $user_id = wp_create_user($user_name, $random_password, $user_email); } else { $random_password = __('User already exists. Password inherited.'); Index: wp-admin/options-writing.php =================================================================== --- wp-admin/options-writing.php (revision 6349) +++ wp-admin/options-writing.php (working copy) @@ -59,7 +59,7 @@
-

%s, %s, %s.'), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5), substr(md5(uniqid(microtime())),0,5)) ?>

+

%s, %s, %s.'), wp_generate_password(), wp_generate_password(), wp_generate_password()) ?>

@@ -121,4 +121,4 @@ - \ No newline at end of file +