remove usage of md5

ylebre · ylebre · commit 6c3e22c6e7f9 · 2025-07-17T10:01:11.000+02:00
diff --git a/lib/User.php b/lib/User.php
@@ -13,7 +13,7 @@ private static function generateTokenCode() {
 		}
 
 		private static function generateTokenHex() {
-			return md5(random_bytes(32));
+			return bin2hex(random_bytes(16));
 		}
 
 		private static function generateExpiresTimestamp($lifetime) {
@@ -89,9 +89,9 @@ public static function createUser($newUser) {
 			if (!self::validatePasswordStrength($newUser['password'])) {
 				return false;
 			}
-			$generatedUserId = md5(random_bytes(32));
+			$generatedUserId = bin2hex(random_bytes(16));
 			while (self::userIdExists($generatedUserId)) {
-				$generatedUserId = md5(random_bytes(32));
+				$generatedUserId = bin2hex(random_bytes(16));
 			}
 			$query = Db::$pdo->prepare(
 				 'INSERT INTO users VALUES (:userId, :email, :passwordHash, :data)'

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ private static function generateTokenCode() {`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`private static function generateTokenHex() {`
`16`		`- return md5(random_bytes(32));`
	`16`	`+ return bin2hex(random_bytes(16));`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`private static function generateExpiresTimestamp($lifetime) {`
`@@ -89,9 +89,9 @@ public static function createUser($newUser) {`
`89`	`89`	`if (!self::validatePasswordStrength($newUser['password'])) {`
`90`	`90`	`return false;`
`91`	`91`	`}`
`92`		`- $generatedUserId = md5(random_bytes(32));`
	`92`	`+ $generatedUserId = bin2hex(random_bytes(16));`
`93`	`93`	`while (self::userIdExists($generatedUserId)) {`
`94`		`- $generatedUserId = md5(random_bytes(32));`
	`94`	`+ $generatedUserId = bin2hex(random_bytes(16));`
`95`	`95`	`}`
`96`	`96`	`$query = Db::$pdo->prepare(`
`97`	`97`	`'INSERT INTO users VALUES (:userId, :email, :passwordHash, :data)'`