From 677914e4c9b5535908472ac1eb373944551afc1a Mon Sep 17 00:00:00 2001 From: zPlus <-> Date: Thu, 14 Jul 2016 11:38:25 +0200 Subject: [PATCH] Fix password reset: the new password did not replace the old one --- database.php | 7 ++----- template/login_reset.twig | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/database.php b/database.php index 1ac173dc..3e99aa4a 100644 --- a/database.php +++ b/database.php @@ -1210,9 +1210,6 @@ class Database $this->database->beginTransaction(); - // Get the user - $user = self::get_post ($user_hash_id); - // Generate a new secret token (used for validation) $token = self::get_random_string (32); @@ -1232,7 +1229,7 @@ class Database $query->execute (array ($token, $user_hash_id)); - $affected_rows = $query->rowCount(); + $affected_rows = $query->rowCount (); $this->database->commit (); @@ -1257,7 +1254,7 @@ class Database $query = $this->database->prepare ( 'UPDATE `user`' . - 'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = "", `passwordResetTokenExpire` = NULL ' . + 'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = NULL, `passwordResetTokenExpire` = NULL ' . 'WHERE `passwordResetToken` = ? AND `passwordResetTokenExpire` > NOW()'); $query->execute (array ($new_password, $token)); diff --git a/template/login_reset.twig b/template/login_reset.twig index d5003ee9..cc423354 100644 --- a/template/login_reset.twig +++ b/template/login_reset.twig @@ -2,7 +2,7 @@