Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Bug with 'reset' password type

edited September 2010 in Vanilla 2.0 - 2.8
After the reset, it fails to change the password type from 'reset' to 'vanilla', so the user gets locked into an endless reset loop.

The fix is really easy. Change /applications/dashboard/models/class.usermodel.php @ line 1462 From
$this->SQL->Update('User')->Set('Password', $Password)->Where('UserID', $UserID)->Put();
to
$this->SQL->Update('User')->Set('Password', $Password)->Set('HashMethod', 'vanilla')->Where('UserID', $UserID)->Put();
Tagged:
Sign In or Register to comment.