From 677914e4c9b5535908472ac1eb373944551afc1a Mon Sep 17 00:00:00 2001
From: zPlus <->
Date: Thu, 14 Jul 2016 11:38:25 +0200
Subject: [PATCH] Fix password reset: the new password did not replace the old
 one

---
 database.php              | 7 ++-----
 template/login_reset.twig | 2 +-
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/database.php b/database.php
index 1ac173dc..3e99aa4a 100644
--- a/database.php
+++ b/database.php
@@ -1210,9 +1210,6 @@ class Database
             
             $this->database->beginTransaction();
             
-            // Get the user
-            $user = self::get_post ($user_hash_id);
-            
             // Generate a new secret token (used for validation)
             $token = self::get_random_string (32);
             
@@ -1232,7 +1229,7 @@ class Database
                 
             $query->execute (array ($token, $user_hash_id));
             
-            $affected_rows = $query->rowCount();
+            $affected_rows = $query->rowCount ();
             
             $this->database->commit ();
             
@@ -1257,7 +1254,7 @@ class Database
         
         $query = $this->database->prepare (
             'UPDATE `user`' .
-            'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = "", `passwordResetTokenExpire` = NULL ' .
+            'SET `password` = SHA2(CONCAT(?, `salt`), 512), `passwordResetToken` = NULL, `passwordResetTokenExpire` = NULL ' .
             'WHERE `passwordResetToken` = ? AND `passwordResetTokenExpire` > NOW()');
             
         $query->execute (array ($new_password, $token));
diff --git a/template/login_reset.twig b/template/login_reset.twig
index d5003ee9..cc423354 100644
--- a/template/login_reset.twig
+++ b/template/login_reset.twig
@@ -2,7 +2,7 @@
 
 <div class="login">
     {% if feedback %}
-        <div class="feedback">
+        <div class="alert bg-danger">
             {{ feedback }}
         </div>
     {% endif %}