Usercp changes password to hash of email

199
Defect
-
2.2
2.1.1
Users
Fixed
High
Normal
6 years ago
3 years ago
0

Description

If a user changes their password, it would change it to the sha1 hash of their email address. In handlers/user.php, on line 108: $password = ", password='".$db->res(sha1($_POST['email']))."'"; Should be $_POST['new_password']

Ticket History

6 years and 9 months ago by Jack

  • Closed ticket as Fixed