From f44f8d99d185805bf7bb1e03d5fba040cc907c4d Mon Sep 17 00:00:00 2001
From: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>
Date: Wed, 7 May 2008 17:24:37 +0000
Subject: Ignore activation key in db. Generate a correct key, thanks
 mtdewvirus

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1273 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-includes/pluggable.php | 7 +++++--
 wp-login.php              | 8 ++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index eabf1ae..be7dda2 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1175,8 +1175,11 @@ if ( !function_exists('wp_generate_password') ) :
  *
  * @return string The random password
  **/
-function wp_generate_password($length = 12) {
-	$chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()";
+function wp_generate_password($length = 12, $special_chars = true) {
+	$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+	if ( $special_chars )
+		$chars .= '!@#$%^&*()';
+
 	$password = '';
 	for ( $i = 0; $i < $length; $i++ )
 		$password .= substr($chars, mt_rand(0, strlen($chars) - 1), 1);
diff --git a/wp-login.php b/wp-login.php
index 6222791..121369a 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -90,14 +90,14 @@ function retrieve_password() {
 	do_action('retreive_password', $user_login);  // Misspelled and deprecated
 	do_action('retrieve_password', $user_login);
 
-	$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
-	if ( empty($key) ) {
+	//$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
+	//if ( empty($key) ) {
 		// Generate something random for a key...
-		$key = wp_generate_password();
+		$key = wp_generate_password(20, false);
 		do_action('retrieve_password_key', $user_login, $key);
 		// Now insert the new md5 key into the db
 		$wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
-	}
+	//}
 	$message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
 	$message .= get_option('siteurl') . "\r\n\r\n";
 	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
-- 
cgit