Anyone with permission to edit a user account can reset the user's token. This is an important feature. However, the tokenauth_user_reset() function uses the global $uid both to generate the new token, and to determine which database row to update.

Instead, this function needs to access the uid associated with the current form.

CommentFileSizeAuthor
#1 729590.userreset.patch2.11 KBGrayside

Comments

Grayside’s picture

Status: Active » Needs review
StatusFileSize
new2.11 KB

Reworked user reset system.

With this patch, administrator's can now reset an individual user's token.

Grayside’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.