aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2011-07-25 17:56:47 +0000
committerrvelices <rv-github@modusoptimus.com>2011-07-25 17:56:47 +0000
commit86bc4d1143474dcb5b9a65c1affd62d7e1b14c0c (patch)
treed769f69a11b48577652698529ca42f653c3316d5
parent19f0fb73d92262c9748af585a82668bf0ca692ca (diff)
- simplify calculation of auto login key (no need to concatenate 2 hashes)
git-svn-id: http://piwigo.org/svn/trunk@11826 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_user.inc.php7
1 files changed, 2 insertions, 5 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 3e7c818d3..4c4f37994 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1032,11 +1032,8 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id;
{
$row = pwg_db_fetch_assoc($result);
$username = stripslashes($row['username']);
- $data = $time.stripslashes($row['username']).$row['password'];
- $key = base64_encode(
- pack('H*', sha1($data))
- .hash_hmac('md5', $data, $conf['secret_key'],true)
- );
+ $data = $time.$user_id.$username;
+ $key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
return $key;
}
return false;