From 2cb1563f63386b35a69e460051aa9b4a2851d104 Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Wed, 30 May 2012 07:30:44 -0400
Subject: [PATCH] - Added (clickable) placeholders to client messaging function. - Added check so that the client password isn't inserted into the message (for security reasons).

---
 interface/web/login/password_reset.php |    9 ++-------
 1 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index e4e2da5..659859a 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
@@ -52,13 +52,8 @@
 	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE username = '$username' AND email = '$email'");
 	
 	if($client['client_id'] > 0) {
-		$new_password = md5 (uniqid (rand()));
-		$salt="$1$";
-		for ($n=0;$n<11;$n++) {
-			$salt.=chr(mt_rand(64,126));
-		}
-		$salt.="$";
-		$new_password_encrypted = crypt($new_password,$salt);
+		$new_password = $app->auth->get_random_password();
+		$new_password_encrypted = $app->auth->crypt_password($new_password);
 		$new_password_encrypted = $app->db->quote($new_password_encrypted);
 		
 		$username = $app->db->quote($client['username']);

--
Gitblit v1.9.1