From 5ad0419613d7fbff0fa5bba773f86896cff34c65 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Wed, 9 May 2018 11:55:12 +0900 Subject: [PATCH] Login class rehash part: do not use variable Write the new hash directly to the DB, we don't need to store it in variable --- www/lib/CoreLibs/ACL/Login.inc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/www/lib/CoreLibs/ACL/Login.inc b/www/lib/CoreLibs/ACL/Login.inc index 4880c4dc..59f298af 100644 --- a/www/lib/CoreLibs/ACL/Login.inc +++ b/www/lib/CoreLibs/ACL/Login.inc @@ -318,9 +318,8 @@ class Login extends \CoreLibs\DB\IO // check if the current password is an invalid hash and do a rehash and set password // $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '.($this->passwordVerify($this->password, $res['password']) ? 'OK' : 'FAIL').' => HASH: '.($this->passwordRehashCheck($res['password']) ? 'NEW NEEDED' : 'OK')); if ($this->passwordRehashCheck($res['password'])) { - $new_hash = $this->passwordSet($this->password); // update password hash to new one now - $q = "UPDATE edit_user SET password = '".$this->dbEscapeString($new_hash)."' WHERE edit_user_id = ".$res['edit_user_id']; + $q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->password))."' WHERE edit_user_id = ".$res['edit_user_id']; $this->dbExec($q); } // normal user processing