diff options
| author | rvelices <rv-github@modusoptimus.com> | 2011-07-25 17:56:47 +0000 |
|---|---|---|
| committer | rvelices <rv-github@modusoptimus.com> | 2011-07-25 17:56:47 +0000 |
| commit | 86bc4d1143474dcb5b9a65c1affd62d7e1b14c0c (patch) | |
| tree | d769f69a11b48577652698529ca42f653c3316d5 /include/functions_user.inc.php | |
| parent | 19f0fb73d92262c9748af585a82668bf0ca692ca (diff) | |
- simplify calculation of auto login key (no need to concatenate 2 hashes)
git-svn-id: http://piwigo.org/svn/trunk@11826 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_user.inc.php')
| -rw-r--r-- | include/functions_user.inc.php | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 3e7c818d3..4c4f37994 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -1032,11 +1032,8 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id; { $row = pwg_db_fetch_assoc($result); $username = stripslashes($row['username']); - $data = $time.stripslashes($row['username']).$row['password']; - $key = base64_encode( - pack('H*', sha1($data)) - .hash_hmac('md5', $data, $conf['secret_key'],true) - ); + $data = $time.$user_id.$username; + $key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) ); return $key; } return false; |