From ef8521a2ee649236f0c3bf33933de6bd55ad6aca Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Fri, 6 Mar 2020 19:37:36 -0700
Subject: [PATCH] Update user_edit.php

---
 core/users/user_edit.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/core/users/user_edit.php b/core/users/user_edit.php
index 958a94913f..c321a21c30 100644
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@@ -469,6 +469,9 @@
 				}
 			}
 
+		//set the password hash cost
+			$options = array('cost' => 10);
+
 		//add user setting to array for update
 			$array['users'][$x]['user_uuid'] = $user_uuid;
 			$array['users'][$x]['domain_uuid'] = $domain_uuid;
@@ -476,9 +479,8 @@
 				$array['users'][$x]['username'] = $username;
 			}
 			if ($password != '' && $password == $password_confirm) {
-				$salt = uuid();
-				$array['users'][$x]['password'] = md5($salt.$password);
-				$array['users'][$x]['salt'] = $salt;
+				$array['users'][$x]['password'] = password_hash($password, PASSWORD_DEFAULT, $options);
+				$array['users'][$x]['salt'] = null;
 			}
 			$array['users'][$x]['user_email'] = $user_email;
 			$array['users'][$x]['user_status'] = $user_status;
@@ -1075,4 +1077,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
\ No newline at end of file
+?>