Merge pull request #3247 from SimSync/fix_3126_3143

Fixes #3126 & #3143 Backend used wrong field to hashword
2025-04-20 04:32:01 +02:00 · 2018-07-04 17:41:46 -07:00 · 2018-07-04 17:41:46 -07:00 · 1b8f698b4c
commit 1b8f698b4c
parent 253ae3b6ba bc7b801054
1 changed files with 7 additions and 1 deletions
--- a/e107_admin/users.php
+++ b/e107_admin/users.php
@ -502,7 +502,13 @@ class users_admin_ui extends e_admin_ui
 		else 
 		{

-			$new_data['user_password']	= e107::getUserSession()->HashPassword($new_data['user_password'], $new_data['user_login']);
+			// issues #3126, #3143: Login not working after admin set a new password using the backend
+			// Backend used user_login instead of user_loginname (used in usersettings) and did't escape the password.
+			$savePassword = $new_data['user_password'];
+			$loginname = $new_data['user_loginname'] ? $new_data['user_loginname'] : $old_data['user_loginname'];
+			$email = (isset($new_data['user_email']) && $new_data['user_email']) ? $new_data['user_email'] : $old_data['user_email'];
+			$new_data['user_password'] = e107::getDb()->escape(e107::getUserSession()->HashPassword($savePassword, $loginname), false);
+
 			e107::getMessage()->addDebug("Password Hash: ".$new_data['user_password']);
 		}