mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
[SS-2016-008] Reset Member::Salt
on password change
This commit is contained in:
parent
00d1d294ca
commit
08384bb4d6
@ -866,7 +866,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
|||||||
} else {
|
} else {
|
||||||
$random = rand();
|
$random = rand();
|
||||||
$string = md5($random);
|
$string = md5($random);
|
||||||
$output = substr($string, 0, 6);
|
$output = substr($string, 0, 8);
|
||||||
return $output;
|
return $output;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -922,6 +922,9 @@ class Member extends DataObject implements TemplateGlobalProvider {
|
|||||||
// Note that this only works with cleartext passwords, as we can't rehash
|
// Note that this only works with cleartext passwords, as we can't rehash
|
||||||
// existing passwords.
|
// existing passwords.
|
||||||
if((!$this->ID && $this->Password) || $this->isChanged('Password')) {
|
if((!$this->ID && $this->Password) || $this->isChanged('Password')) {
|
||||||
|
//reset salt so that it gets regenerated - this will invalidate any persistant login cookies
|
||||||
|
// or other information encrypted with this Member's settings (see self::encryptWithUserSettings)
|
||||||
|
$this->Salt = '';
|
||||||
// Password was changed: encrypt the password according the settings
|
// Password was changed: encrypt the password according the settings
|
||||||
$encryption_details = Security::encrypt_password(
|
$encryption_details = Security::encrypt_password(
|
||||||
$this->Password, // this is assumed to be cleartext
|
$this->Password, // this is assumed to be cleartext
|
||||||
|
Loading…
Reference in New Issue
Block a user