Bug 17494: Make sure the same verification token won't be generated twice

Well, this patch does not enforce the unique constraint but mimic what
is already done in C4::ImportExportFramework and Koha::Upload where
md5_hex is used.

Test plan:
Have a look at the code and confirm that it adds more randomness to the
hashed string

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 685d1ca..6bdd66a 100755 (executable)
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -138,7 +138,7 @@ if ( $action eq 'create' ) {
             );
             $template->param( 'email' => $borrower{'email'} );
 
-            my $verification_token = md5_hex( \%borrower );
+            my $verification_token = md5_hex( time().{}.rand().{}.$$ );
 
             $borrower{password}           = random_string("..........");
             $borrower{verification_token} = $verification_token;