diff options
| -rw-r--r-- | actions/user/password.php | 1 | ||||
| -rw-r--r-- | engine/lib/users.php | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/actions/user/password.php b/actions/user/password.php index aae22cc02..eb5debcb8 100644 --- a/actions/user/password.php +++ b/actions/user/password.php @@ -31,6 +31,7 @@ { if ($password == $password2) { + $user->salt = generate_random_cleartext_password(); // Reset the salt $user->password = generate_user_password($user, $password); if ($user->save()) system_message(elgg_echo('user:password:success')); diff --git a/engine/lib/users.php b/engine/lib/users.php index 5d5153cc4..3de4044ae 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -390,7 +390,7 @@ // Exists and you have access to it
if ($exists = get_data_row("SELECT guid from {$CONFIG->dbprefix}users_entity where guid = {$guid}")) {
- $result = update_data("UPDATE {$CONFIG->dbprefix}users_entity set name='$name', username='$username', password='$password', email='$email', language='$language', code='$code', last_action = ". time() ." where guid = {$guid}");
+ $result = update_data("UPDATE {$CONFIG->dbprefix}users_entity set name='$name', username='$username', password='$password', salt='$salt', email='$email', language='$language', code='$code', last_action = ". time() ." where guid = {$guid}");
if ($result != false)
{
// Update succeeded, continue
|