fixes #3126, fixes #3143 Backend used wrong field to hashword

Instead of user_loginname (as used in usersettings), the backend used user_login and didn't escape the result. This made the login impossible.
2025-08-04 13:47:31 +02:00 · 2018-07-03 12:24:57 +02:00
parent 623fbe607c
commit bc7b801054
1 changed files with 7 additions and 1 deletions
--- a/e107_admin/users.php
+++ b/e107_admin/users.php
@@ -502,7 +502,13 @@ class users_admin_ui extends e_admin_ui
 		else 
 		{

-			$new_data['user_password']	= e107::getUserSession()->HashPassword($new_data['user_password'], $new_data['user_login']);
+			// issues #3126, #3143: Login not working after admin set a new password using the backend
+			// Backend used user_login instead of user_loginname (used in usersettings) and did't escape the password.
+			$savePassword = $new_data['user_password'];
+			$loginname = $new_data['user_loginname'] ? $new_data['user_loginname'] : $old_data['user_loginname'];
+			$email = (isset($new_data['user_email']) && $new_data['user_email']) ? $new_data['user_email'] : $old_data['user_email'];
+			$new_data['user_password'] = e107::getDb()->escape(e107::getUserSession()->HashPassword($savePassword, $loginname), false);
+
 			e107::getMessage()->addDebug("Password Hash: ".$new_data['user_password']);
 		}