From 6199209c2c605e23f38e20e0c93c6617cada5d7c Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Tue, 13 Jan 2009 12:36:35 +0000
Subject: Closes #675: Salt changed during password reset

git-svn-id: https://code.elgg.org/elgg/trunk@2562 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 actions/admin/user/resetpassword.php | 1 +
 engine/lib/users.php                 | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/actions/admin/user/resetpassword.php b/actions/admin/user/resetpassword.php
index 60d739cf9..34eda5e31 100644
--- a/actions/admin/user/resetpassword.php
+++ b/actions/admin/user/resetpassword.php
@@ -25,6 +25,7 @@
 	{
 		$password = generate_random_cleartext_password();
 		
+		$obj->salt = generate_random_cleartext_password(); // Reset the salt
 		$obj->password = generate_user_password($obj, $password);
 		
 		if ($obj->save())
diff --git a/engine/lib/users.php b/engine/lib/users.php
index fc8961baa..360c2c5e8 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -964,9 +964,10 @@
 			
 			if ($user)
 			{
-				$hash = generate_user_password($user, $password);
+				$hash = generate_user_password($user, $password);
+				$salt = generate_random_cleartext_password(); // Reset the salt 
 				
-				return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash' where guid=$user_guid");
+				return update_data("UPDATE {$CONFIG->dbprefix}users_entity set password='$hash', salt='$salt' where guid=$user_guid");
 			}
 		}
 		
-- 
cgit v1.2.3