From acbfb0b025ab388cdb2a712779726405f21caaf6 Mon Sep 17 00:00:00 2001 From: Jack Anderson Date: Fri, 22 Nov 2024 13:24:11 +0000 Subject: [PATCH] [Legacy] Fix change password --- .../legacy/modules/Users/Changenewpassword.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/public/legacy/modules/Users/Changenewpassword.php b/public/legacy/modules/Users/Changenewpassword.php index c3afe4d1b..4e6e605fe 100755 --- a/public/legacy/modules/Users/Changenewpassword.php +++ b/public/legacy/modules/Users/Changenewpassword.php @@ -105,12 +105,12 @@ if (!empty($_REQUEST['guid']) && !empty($_REQUEST['key'])) { } if (!$expired) { + $password = $_POST['new_password'] ?? ''; + $usr = new user(); + $errors = $usr->passwordValidationCheck($password); // if the form is filled and we want to login if (isset($_REQUEST['login']) && $_REQUEST['login'] == '1') { if ($row['username'] == $_POST['user_name']) { - $password = $_POST['new_password']; - $usr = new user(); - $errors = $usr->passwordValidationCheck($password); if (!$errors) { $usr_id = $usr->retrieve_user_id($_POST['user_name']); $usr->retrieve($usr_id); @@ -136,8 +136,15 @@ if (!empty($_REQUEST['guid']) && !empty($_REQUEST['key'])) { } } else { $redirect = false; - if ($_REQUEST['redirect'] === '1') { - $redirect = true; + if (!$errors && !empty($password)){ + $usr_id = $usr->retrieve_user_id($_POST['user_name']); + $usr->retrieve($usr_id); + $usr->setNewPassword($password); + $query2 = "UPDATE users_password_link SET deleted='1' where id='" . $db->quote($_REQUEST['guid']) . "'"; + DBManagerFactory::getInstance()->query($query2, true, "Error setting link for $usr->user_name: "); + if ($_REQUEST['redirect'] === '1') { + $redirect = true; + } } } } else {