Changeset 6385 for trunk/wp-login.php

Timestamp:

12/15/2007 05:31:16 AM (17 years ago)

Author:

ryan

Message:

Pluggable random password generator from pishmishy. fixes #5401

File:

• trunk/wp-login.php (modified) (3 diffs)

trunk/wp-login.php

@@ -111 +111 @@
                 do_action('retrieve_password', $user_login);
 
-                // Generate something random for a password... md5'ing current time with a rand salt
+                // Generate something random for a key...
                 $key = substr( md5( uniqid( microtime() ) ), 0, 8);
-                // Now insert the new pass md5'd into the db
+                // Now insert the new md5 key into the db
                 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
                 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
@@ -183 +183 @@
     do_action('password_reset');
 
-    // Generate something random for a password... md5'ing current time with a rand salt
-    $new_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
+    // Generate something random for a password...
+    $new_pass = wp_generate_password();
     $new_hash = wp_hash_password($new_pass); 
     $wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
@@ -242 +242 @@
 
         if ( empty( $errors ) ) {
-            $user_pass = substr( md5( uniqid( microtime() ) ), 0, 7);
+            $user_pass = wp_generate_password();
 
             $user_id = wp_create_user( $user_login, $user_pass, $user_email );