From bd7a41ce3db67ce387566da2cf0dbe99b305a791 Mon Sep 17 00:00:00 2001 From: calzoneman Date: Thu, 20 Jun 2013 20:12:24 -0400 Subject: [PATCH] Minor fix regarding password resets --- database.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/database.js b/database.js index d1d4e28b..6855b1e9 100644 --- a/database.js +++ b/database.js @@ -685,6 +685,16 @@ function setUserEmail(name, email) { return true; } +function genSalt() { + var chars = "abcdefgihjklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" + + "0123456789!@#$%^&*_+=~"; + var salt = []; + for(var i = 0; i < 32; i++) { + salt.push(chars[parseInt(Math.random()*chars.length)]); + } + return salt.join(''); +} + function generatePasswordReset(ip, name, email) { var db = getConnection(); if(!db) { @@ -711,7 +721,7 @@ function generatePasswordReset(ip, name, email) { } // Validation complete, now time to reset it - var hash = hashlib.sha256(Date.now() + name); + var hash = hashlib.sha256(genSalt() + name); var exp = Date.now() + 24*60*60*1000; query = createQuery( ["INSERT INTO `password_reset` (",
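Review bot: genSalt() draws every character from `Math.random()`, which is not a cryptographically secure generator, and in the second hunk its output is the only unpredictable input to the reset token `hashlib.sha256(genSalt() + name)`. Someone able to model the generator's state could reproduce the token for a known account name, so the value should come from the OS CSPRNG instead, for example `return require("crypto").randomBytes(32).toString("hex");` as the body of genSalt(). Two smaller points in the same function: `parseInt(Math.random()*chars.length)` round-trips the number through a string where `Math.floor(...)` is meant, and the alphabet literal reads `gihj`, which is harmless but looks like a typo. generatePasswordReset continues outside both hunks, so how the token is stored, compared and expired cannot be checked from here.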