From 1841f1377a37e29078a46fa2507cb44c4cb42a6e Mon Sep 17 00:00:00 2001
From: xiaomlove <beixiao2777@gmail.com>
Date: Sat, 5 Apr 2025 20:16:09 +0700
Subject: [PATCH] change backend create user + reset password hashing

---
 app/Repositories/UserRepository.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Repositories/UserRepository.php b/app/Repositories/UserRepository.php
index ad5dde5e..772f1ef3 100644
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -124,7 +124,7 @@ class UserRepository extends BaseRepository
         }
         $setting = Setting::get('main');
         $secret = mksecret();
-        $passhash = md5($secret . $password . $secret);
+        $passhash = hash('sha256', $secret . hash('sha256', $password));
         $data = [
             'username' => $username,
             'email' => $email,
@@ -161,7 +161,7 @@ class UserRepository extends BaseRepository
             $this->checkPermission($operator, $user);
         }
         $secret = mksecret();
-        $passhash = md5($secret . $password . $secret);
+        $passhash = hash('sha256', $secret . hash('sha256', $password));
         $update = [
             'secret' => $secret,
             'passhash' => $passhash,