Usercp changes password to hash of email

199
Defect
-
2.2
2.1.1
Users
Fixed
High
Normal
7 years ago
4 years ago
0

Description

If a user changes their password, it would change it to the sha1 hash of their email address. In handlers/user.php, on line 108: $password = ", password='".$db->res(sha1($_POST['email']))."'"; Should be $_POST['new_password']

Ticket History

7 years and 8 months ago by Jack

  • Closed ticket as Fixed