]> git.wh0rd.org Git - tt-rss.git/commitdiff
auth_internal.change_password: do not rely on session
authorAndrew Dolgov <fox@fakecake.org>
Thu, 16 Aug 2012 14:27:26 +0000 (18:27 +0400)
committerAndrew Dolgov <fox@fakecake.org>
Thu, 16 Aug 2012 14:27:26 +0000 (18:27 +0400)
classes/auth_internal.php

index eb376568d093e2b68dd4d39bce1ac1bf0b7c33d4..8890d445588cc15e80d7676f941ffaeeef1000a4 100644 (file)
@@ -75,14 +75,15 @@ class Auth_Internal extends Auth_Base {
        function change_password($owner_uid, $old_password, $new_password) {
                $owner_uid = db_escape_string($owner_uid);
 
-               $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE
+               $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE
                        id = '$owner_uid'");
 
                $salt = db_fetch_result($result, 0, "salt");
+               $login = db_fetch_result($result, 0, "login");
 
                if (!$salt) {
                        $old_password_hash1 = encrypt_password($old_password);
-                       $old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]);
+                       $old_password_hash2 = encrypt_password($old_password, $login);
 
                        $query = "SELECT id FROM ttrss_users WHERE
                                id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR