Active
Project:
Sql authentication
Component:
sql_auth_update
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
3 Feb 2007 at 02:27 UTC
Updated:
4 Feb 2007 at 16:42 UTC
When editing a user the password always gets saved, even if the password is blank. If I edit a user and only make a minor change (like enabling the personal contact form), the empty password gets saved as well, and shouldn't.
The user module does not update the password, and I believe it is because of this code starting at line 112 in the user_save function:
if ($key == 'pass' && !empty($value)) {
$query .= "$key = '%s', ";
$v[] = md5($value);
}
Comments
Comment #1
Bèr Kessels commentedAssigning to myself for the time being.