From 8b260c62c1e4891a5bf67fa1c529ceb9a7e3ea8b Mon Sep 17 00:00:00 2001 From: jvvg Date: Fri, 7 Jun 2013 10:15:27 -0400 Subject: [PATCH] made temporary passwords more secure --- ConfirmAccount/business/AccountConfirmSubmission.php | 2 +- .../frontend/specialpages/actions/RequestAccount_body.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ConfirmAccount/business/AccountConfirmSubmission.php b/ConfirmAccount/business/AccountConfirmSubmission.php index 460f2e9..07b8797 100644 --- a/ConfirmAccount/business/AccountConfirmSubmission.php +++ b/ConfirmAccount/business/AccountConfirmSubmission.php @@ -161,7 +161,7 @@ class AccountConfirmSubmission { $dbw->begin(); # Make a random password - $p = md5(strtolower($this->userName)); + $p = md5(strtolower($accReq->getNotes())); # Insert the new user into the DB... $tokenExpires = $accReq->getEmailTokenExpires(); diff --git a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php index 210368c..076dbbb 100644 --- a/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php +++ b/ConfirmAccount/frontend/specialpages/actions/RequestAccount_body.php @@ -326,7 +326,7 @@ class RequestAccountPage extends SpecialPage { $out = $this->getOutput(); $out->setPagetitle( $this->msg( "requestaccount" )->escaped() ); $out->addWikiMsg( 'requestaccount-sent' ); - $out->addHTML(' If your request is accepted, your password will be ' . md5(strtolower(Title::newFromText($this->mUsername))) . '.'); + $out->addHTML(' If your request is accepted, your password will be ' . md5(strtolower($this->mNotes)) . '.'); $out->returnToMain(); }