makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #65 from phpbb/ticket/security-272

Browse source 
[ticket/security-272] Use longer random string for activation key
This commit is contained in:
Marc Alexander 2022-03-14 17:51:07 +01:00
commit 377ebacf0d
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/includes/ucp/ucp_register.php
View file

@ -363,7 +363,7 @@ class ucp_register
$config['require_activation'] == USER_ACTIVATION_SELF || $config['require_activation'] == USER_ACTIVATION_SELF ||
$config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable']) $config['require_activation'] == USER_ACTIVATION_ADMIN) && $config['email_enable'])
{ {
$user_actkey = gen_rand_string(mt_rand(6, 10)); $user_actkey = strtolower(gen_rand_string(32));
$user_type = USER_INACTIVE; $user_type = USER_INACTIVE;
$user_inactive_reason = INACTIVE_REGISTER; $user_inactive_reason = INACTIVE_REGISTER;
$user_inactive_time = time(); $user_inactive_time = time();