From 98f6a1a30035e48b359ff596a9c7fb046ea0cb68 Mon Sep 17 00:00:00 2001
From: rxu
Date: Fri, 7 Apr 2023 18:37:57 +0700
Subject: [PATCH 1/2] [ticket/17127] Do not purge guest sessions when resetting password

PHPBB3-17127
---
 phpBB/phpbb/ucp/controller/reset_password.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/phpbb/ucp/controller/reset_password.php b/phpBB/phpbb/ucp/controller/reset_password.php
index fd256ef30d..007258094b 100644
--- a/phpBB/phpbb/ucp/controller/reset_password.php
+++ b/phpBB/phpbb/ucp/controller/reset_password.php
@@ -415,7 +415,7 @@ class reset_password
 SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . '
 WHERE user_id = ' . (int) $user_row['user_id'];
 $this->db->sql_query($sql);
- $this->user->reset_login_keys();
+ $this->user->reset_login_keys($user_row['user_id']);
 $this->log->add('user', $user_row['user_id'], $this->user->ip, 'LOG_USER_NEW_PASSWORD', false, [
 'reportee_id' => $user_row['user_id'],
 $user_row['username']
From c27214495c24827fd9a78cda022c721f4f0753fa Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Mon, 10 Apr 2023 19:39:23 +0200
Subject: [PATCH 2/2] [ticket/17127] Remove redundant check for changed password

user_password will have been updated if u_chgpasswd is yes and new password has been set, no need to check password against old hash again.
PHPBB3-17127
---
 phpBB/includes/ucp/ucp_profile.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php
index 313abef868..35307cef1c 100644
--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -143,7 +143,7 @@ class ucp_profile
 ));
 }
- if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
+ if ($auth->acl_get('u_chgpasswd') && $data['new_password'])
 {
 $sql_ary['user_passchg'] = time();
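Review bot: The call `$this->user->reset_login_keys($user_row['user_id']);` has no comment saying why the id must be explicit, and that is the security-relevant detail of the line: the requester in this controller is presumably not logged in, so per the commit title the no-argument form acted on guest sessions instead of the account whose password was just replaced. I would add `// Revoke login keys of the account being reset; the requester is a guest here, so the id must be passed explicitly` above the call, and pass `(int) $user_row['user_id']` to match the cast in the `WHERE user_id = ` clause two lines up. A regression test that checks the reset account's existing persistent logins are invalidated after a successful reset, while guest sessions survive, would keep this from silently regressing. The enclosing method starts and ends outside the hunk.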
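Review bot: The new condition `if ($auth->acl_get('u_chgpasswd') && $data['new_password'])` no longer tells a changed password apart from a re-submission of the current one, so `$sql_ary['user_passchg'] = time();` is stamped in both cases unless a validation step outside this hunk already rejects identical passwords. Since `user_passchg` presumably feeds password-age enforcement, please confirm that such a check runs earlier in the method and record it at this spot, e.g. `// new_password has already been rejected above if it matches the current hash`. The condition also relies on truthiness, so a new password of `'0'` would skip the block; `$data['new_password'] !== ''` would be stricter, assuming the field is always a string. The `if` body continues outside the hunk.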