BUGFIX Using RandomGenerator class in PasswordEncryptor->salt() (from r114503)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114506 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-12-05 00:46:28 +00:00 committed by Sam Minnee
parent 696de5d437
commit ae1d8e2e18

View File

@ -81,16 +81,17 @@ abstract class PasswordEncryptor {
/** /**
* Return a string value stored in the {@link Member->Salt} property. * Return a string value stored in the {@link Member->Salt} property.
* By default uses sha1() and mt_rand();
*
* Note: Only used when {@link Security::$useSalt} is TRUE. * Note: Only used when {@link Security::$useSalt} is TRUE.
* *
* @uses RandomGenerator
*
* @param String $password Cleartext password * @param String $password Cleartext password
* @param Member $member (Optional) * @param Member $member (Optional)
* @return String Maximum of 50 characters * @return String Maximum of 50 characters
*/ */
function salt($password, $member = null) { function salt($password, $member = null) {
return substr(sha1(mt_rand()) . time(), 0, 50); $generator = new RandomGenerator();
return substr($generator->generateHash('sha1'), 0, 50);
} }
/** /**