Ignore:
Timestamp:
Jul 25, 2011, 7:56:47 PM (13 years ago)
Author:
rvelices
Message:
  • simplify calculation of auto login key (no need to concatenate 2 hashes)
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/functions_user.inc.php

    r11753 r11826  
    10331033    $row = pwg_db_fetch_assoc($result);
    10341034    $username = stripslashes($row['username']);
    1035     $data = $time.stripslashes($row['username']).$row['password'];
    1036     $key = base64_encode(
    1037       pack('H*', sha1($data))
    1038       .hash_hmac('md5', $data, $conf['secret_key'],true)
    1039       );
     1035    $data = $time.$user_id.$username;
     1036    $key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
    10401037    return $key;
    10411038  }
Note: See TracChangeset for help on using the changeset viewer.