diff options
author | Andrew Dolgov <[email protected]> | 2012-08-16 18:27:26 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-08-16 18:27:26 +0400 |
commit | dc0374df2ba76876765fac373e0de69e642a98dc (patch) | |
tree | 9097ff7d3fb6d802cb2fc23483fb37805150c1ce | |
parent | d5fd183d18bf3cf3bf7bba50dc004b85246e0b6a (diff) |
auth_internal.change_password: do not rely on session
-rw-r--r-- | classes/auth_internal.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/classes/auth_internal.php b/classes/auth_internal.php index eb376568d..8890d4455 100644 --- a/classes/auth_internal.php +++ b/classes/auth_internal.php @@ -75,14 +75,15 @@ class Auth_Internal extends Auth_Base { function change_password($owner_uid, $old_password, $new_password) { $owner_uid = db_escape_string($owner_uid); - $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE + $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); $salt = db_fetch_result($result, 0, "salt"); + $login = db_fetch_result($result, 0, "login"); if (!$salt) { $old_password_hash1 = encrypt_password($old_password); - $old_password_hash2 = encrypt_password($old_password, $_SESSION["name"]); + $old_password_hash2 = encrypt_password($old_password, $login); $query = "SELECT id FROM ttrss_users WHERE id = '$owner_uid' AND (pwd_hash = '$old_password_hash1' OR |