From 4e1855c37553b4aa9041d70b710fa36c7e4b65f8 Mon Sep 17 00:00:00 2001
From: Boris
Date: Wed, 23 Apr 2014 17:41:42 +0100
Subject: [PATCH] [Fix] Correctly hash new password
---
 public/include/classes/user.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index c88bc12c..5748beda 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -861,7 +861,7 @@ class User extends Base {
 $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
 return false;
 }
- $new_hash = $this->getHash($new1);
+ $new_hash = $this->getHash($new1, HASH_VERSION, bin2hex(openssl_random_pseudo_bytes(32)));
 $stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE id = ?");
 if ($this->checkStmt($stmt) && $stmt->bind_param('si', $new_hash, $aToken['account_id']) && $stmt->execute() && $stmt->affected_rows === 1) {
 if ($this->token->deleteToken($aToken['token'])) {
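Review bot: The salt on the added `getHash(...)` line comes from `openssl_random_pseudo_bytes(32)` with its result unchecked, so on PHP versions where that call returns `false` on failure, `bin2hex()` would produce an empty string and the new password would be hashed with no salt at all. Generate the bytes first and test both the return value and the strength flag, e.g. `$salt = openssl_random_pseudo_bytes(32, $strong);` followed by `if ($salt === false || !$strong) { $this->setErrorMessage('Unable to generate a password salt'); return false; }`, and only then call `$this->getHash($new1, HASH_VERSION, bin2hex($salt))`. `getHash()` and `HASH_VERSION` are defined outside this hunk, so it should be confirmed there that the salt is embedded in the returned string (only `pass` is written by the UPDATE) and that the underlying digest is a deliberately slow password hash rather than a single fast hash round. The enclosing method starts and ends outside the hunk.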