BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-05 00:37:35 +00:00
parent 8b220b923a
commit 1dddd5252d

View File

@ -81,16 +81,17 @@ abstract class PasswordEncryptor {
/** /**
* Return a string value stored in the {@link Member->Salt} property. * Return a string value stored in the {@link Member->Salt} property.
* By default uses sha1() and mt_rand();
*
* Note: Only used when {@link Security::$useSalt} is TRUE. * Note: Only used when {@link Security::$useSalt} is TRUE.
* *
* @uses RandomGenerator
*
* @param String $password Cleartext password * @param String $password Cleartext password
* @param Member $member (Optional) * @param Member $member (Optional)
* @return String Maximum of 50 characters * @return String Maximum of 50 characters
*/ */
function salt($password, $member = null) { function salt($password, $member = null) {
return substr(sha1(mt_rand()) . time(), 0, 50); $generator = new RandomGenerator();
return substr($generator->generateHash('sha1'), 0, 50);
} }
/** /**