From c5ab152473153d8fe96434c07f413eb079a75b3d Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Thu, 12 Mar 2015 10:18:57 -0400
Subject: [PATCH] Fixed hash generation (the previous method did not work under
 Windows).

---
 module/VuFind/src/VuFind/Db/Row/User.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/module/VuFind/src/VuFind/Db/Row/User.php b/module/VuFind/src/VuFind/Db/Row/User.php
index a951bff8343..52d4f0588b6 100644
--- a/module/VuFind/src/VuFind/Db/Row/User.php
+++ b/module/VuFind/src/VuFind/Db/Row/User.php
@@ -431,9 +431,10 @@ class User extends RowGateway implements \VuFind\Db\Table\DbTableAwareInterface,
      */
     public function updateHash()
     {
-        $this->verify_hash = md5(
-            $this->username . $this->password . $this->pass_hash . rand()
-        ) . (time() % pow(10, 10));
+        $hash = md5($this->username . $this->password . $this->pass_hash . rand());
+        // Make totally sure the timestamp is exactly 10 characters:
+        $time = str_pad(substr((string) time(), 0, 10), 10, '0', STR_PAD_LEFT);
+        $this->verify_hash = $hash . $time;
         return $this->save();
     }
 
-- 
GitLab