From 86bc4d1143474dcb5b9a65c1affd62d7e1b14c0c Mon Sep 17 00:00:00 2001
From: rvelices <rv-github@modusoptimus.com>
Date: Mon, 25 Jul 2011 17:56:47 +0000
Subject: - simplify calculation of auto login key (no need to concatenate 2
 hashes)

git-svn-id: http://piwigo.org/svn/trunk@11826 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_user.inc.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'include')

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 3e7c818d3..4c4f37994 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1032,11 +1032,8 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id;
   {
     $row = pwg_db_fetch_assoc($result);
     $username = stripslashes($row['username']);
-    $data = $time.stripslashes($row['username']).$row['password'];
-    $key = base64_encode(
-      pack('H*', sha1($data))
-      .hash_hmac('md5', $data, $conf['secret_key'],true)
-      );
+    $data = $time.$user_id.$username;
+    $key = base64_encode( hash_hmac('sha1', $data, $conf['secret_key'].$row['password'],true) );
     return $key;
   }
   return false;
-- 
cgit v1.2.3