[geeklog-cvs] geeklog: The user's current password is no longer available in $...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun May 17 04:30:11 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/14e4943af5e4
changeset: 7030:14e4943af5e4
user: Dirk Haun <dirk at haun-online.de>
date: Sun May 17 10:28:44 2009 +0200
description:
The user's current password is no longer available in $_USER, so changing the password or deleting an account no longer worked (reported by Tom Homer)
diffstat:
2 files changed, 11 insertions(+), 5 deletions(-)
public_html/docs/history | 4 +++-
public_html/usersettings.php | 12 ++++++++----
diffs (61 lines):
diff -r 99e5a429c202 -r 14e4943af5e4 public_html/docs/history
--- a/public_html/docs/history Sun May 17 10:05:01 2009 +0200
+++ b/public_html/docs/history Sun May 17 10:28:44 2009 +0200
@@ -11,7 +11,9 @@
+ Comment moderation and editable comments, by Jared Wenerd
Other changes:
-- Fixed plugin postinstall from the install script
+- Users couldn't change their password or delete their account (reported by
+ Tom Homer) [Dirk]
+- Fixed plugin postinstall from the install script [Dirk]
- Made COM_createImage recognize https:// URLs (bug #0000881) [Dirk]
- Fixed notices in the config class (reported by tgc and others) [Dirk]
- Fixed empty entries in the "Type" dropdown on the Advanced Search page.
diff -r 99e5a429c202 -r 14e4943af5e4 public_html/usersettings.php
--- a/public_html/usersettings.php Sun May 17 10:05:01 2009 +0200
+++ b/public_html/usersettings.php Sun May 17 10:28:44 2009 +0200
@@ -265,8 +265,10 @@
// to change the password, email address, or cookie timeout,
// we need the user's current password
+ $current_password = DB_getItem($_TABLES['users'], 'passwd',
+ "uid = {$_USER['uid']}");
if (empty($_POST['old_passwd']) ||
- (SEC_encryptPassword($_POST['old_passwd']) != $_USER['passwd'])) {
+ (SEC_encryptPassword($_POST['old_passwd']) != $current_password)) {
return COM_refresh($_CONF['site_url']
. '/usersettings.php?msg=84');
}
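Review bot: The check `(SEC_encryptPassword($_POST['old_passwd']) != $current_password)` compares two hash strings with PHP's loose `!=`, so two different values that both look numeric (for example, both of the form `0e` followed only by digits) are compared as numbers and can be treated as equal. Assuming `DB_getItem` returns the column as a string, a strict comparison is safer: `(SEC_encryptPassword($_POST['old_passwd']) !== $current_password)`, with the same change to the `!=`/`==` checks in the hunks at lines 892, 996 and 1008. Where the PHP version provides it, `hash_equals()` also makes the comparison constant-time. The new query interpolates `$_USER['uid']` straight into the WHERE clause, so `(int) $_USER['uid']` would be a cheap safeguard if that value is not already guaranteed to be an integer. The enclosing function starts and ends outside the hunk.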
@@ -890,10 +892,12 @@
// to change the password, email address, or cookie timeout,
// we need the user's current password
+ $current_password = DB_getItem($_TABLES['users'], 'passwd',
+ "uid = {$_USER['uid']}");
if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
($A['cooktime'] != $_USER['cookietimeout'])) {
if (empty($A['old_passwd']) ||
- (SEC_encryptPassword($A['old_passwd']) != $_USER['passwd'])) {
+ (SEC_encryptPassword($A['old_passwd']) != $current_password)) {
return COM_refresh ($_CONF['site_url']
. '/usersettings.php?msg=83');
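Review bot: `$current_password` is assigned here but is also relied on by the password checks in the later hunks at lines 996 and 1008, and nothing in the code says so. That reuse is only correct if all three places are in the same function, which cannot be confirmed from these hunks because the function boundaries are outside them. A comment above the lookup would make the dependency explicit, for example `// $_USER no longer carries 'passwd'; read the stored hash once here, it is reused by the password checks further down`. The lookup also runs on every save, even when the password, email and cookie timeout are all unchanged. The `if` block opened in this hunk closes outside it.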
@@ -992,7 +996,7 @@
if (!empty($A['passwd'])) {
if (($A['passwd'] == $A['passwd_conf']) &&
- (SEC_encryptPassword($A['old_passwd']) == $_USER['passwd'])) {
+ (SEC_encryptPassword($A['old_passwd']) == $current_password)) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "$passwd",
"uid", $_USER['uid']);
@@ -1004,7 +1008,7 @@
setcookie($_CONF['cookie_password'], $passwd, time() + $cooktime,
$_CONF['cookie_path'], $_CONF['cookiedomain'],
$_CONF['cookiesecure']);
- } elseif (SEC_encryptPassword($A['old_passwd']) != $_USER['passwd']) {
+ } elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh ($_CONF['site_url']
. '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
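Review bot: The `setcookie($_CONF['cookie_password'], $passwd, ...)` call in this hunk's context stores `$passwd` in a persistent cookie and passes no `httponly` argument. `$passwd` appears to be the `SEC_encryptPassword($A['passwd'])` result from the preceding hunk; if so, the stored password hash is sent to the browser and is readable by script there. The commit does not change this line, but it sits oddly next to removing the hash from `$_USER`. Consider using a random, server-side-verifiable token for the cookie value instead, or at minimum passing `true` as the seventh `setcookie()` argument. The if/elseif chain starts and ends outside the hunk.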