From bc7b801054be5f018e9280cb630f222dc7f6659c Mon Sep 17 00:00:00 2001
From: Achim Ennenbach <Ennenbach.Achim@recticel-automotive.com>
Date: Tue, 3 Jul 2018 12:24:57 +0200
Subject: [PATCH] fixes #3126, fixes #3143 Backend used wrong field to hashword
 Instead of user_loginname (as used in usersettings), the backend used
 user_login and didn't escape the result. This made the login impossible.

---
 e107_admin/users.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/e107_admin/users.php b/e107_admin/users.php
index aa02fc828..4d1d3b25a 100644
--- a/e107_admin/users.php
+++ b/e107_admin/users.php
@@ -502,7 +502,13 @@ class users_admin_ui extends e_admin_ui
 		else 
 		{
 
-			$new_data['user_password']	= e107::getUserSession()->HashPassword($new_data['user_password'], $new_data['user_login']);
+			// issues #3126, #3143: Login not working after admin set a new password using the backend
+			// Backend used user_login instead of user_loginname (used in usersettings) and did't escape the password.
+			$savePassword = $new_data['user_password'];
+			$loginname = $new_data['user_loginname'] ? $new_data['user_loginname'] : $old_data['user_loginname'];
+			$email = (isset($new_data['user_email']) && $new_data['user_email']) ? $new_data['user_email'] : $old_data['user_email'];
+			$new_data['user_password'] = e107::getDb()->escape(e107::getUserSession()->HashPassword($savePassword, $loginname), false);
+
 			e107::getMessage()->addDebug("Password Hash: ".$new_data['user_password']);
 		}