replace getmicrotime() wrapper with microtime(true)

[tt-rss.git] / register.php

diff --git a/register.php b/register.php
index d63fc251affd8d8a779de81d445291b7dd38b6b0..b0c9bd95fa86fdd69dd6ed5a527d4f66a1dad105 100644 (file)
--- a/register.php
+++ b/register.php
@@ -4,18 +4,19 @@
        // 1) templates/register_notice.txt - displayed above the registration form
        // 2) register_expire_do.php - contains user expiration queries when necessary
 
-       set_include_path(get_include_path() . PATH_SEPARATOR . "include");
+       set_include_path(dirname(__FILE__) ."/include" . PATH_SEPARATOR .
+               get_include_path());
 
        require_once 'lib/phpmailer/class.phpmailer.php';
 
-       $action = $_REQUEST["action"];
-
        require_once "functions.php";
        require_once "sessions.php";
        require_once "sanity_check.php";
        require_once "config.php";
        require_once "db.php";
 
+       $action = $_REQUEST["action"];
+
        $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
 
        if (!init_connection($link)) return;
@@ -269,11 +270,12 @@
 
                                $password = make_password();
 
-                               $pwd_hash = encrypt_password($password, $login);
+                               $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+                               $pwd_hash = encrypt_password($password, $salt, true);
 
                                db_query($link, "INSERT INTO ttrss_users
-                                       (login,pwd_hash,access_level,last_login, email, created)
-                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())");
+                                       (login,pwd_hash,access_level,last_login, email, created, salt)
+                                       VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')");
 
                                $result = db_query($link, "SELECT id FROM ttrss_users WHERE
                                        login = '$login' AND pwd_hash = '$pwd_hash'");