Fix report by Ahsan Aziz (can reset the password of another user that
did not request a password reset).
eldy committed Jul 5, 2021
1 parent 8b07e99 commit 87f9530
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions htdocs/user/passwordforgotten.php
Expand Up @@ -87,14 +87,14 @@
// Validate new password
if ($action == 'validatenewpassword' && $username && $passworduidhash) {
$edituser = new User($db);
$result = $edituser->fetch('', $_GET["username"]);
$result = $edituser->fetch('', $username);
if ($result < 0) {
$message = '<div class="error">'.dol_escape_htmltag($langs->trans("ErrorLoginDoesNotExists", $username)).'</div>';
} else {
global $dolibarr_main_instance_unique_id;

//print $edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id.' '.$passworduidhash;
if (dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
if ($edituser->pass_temp && dol_verifyHash($edituser->pass_temp.'-'.$edituser->id.'-'.$dolibarr_main_instance_unique_id, $passworduidhash)) {
// Clear session
unset($_SESSION['dol_login']);
$_SESSION['dol_loginmesg'] = $langs->trans('NewPasswordValidated'); // Save message for the session page
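Review bot: The new guard on the `dol_verifyHash` line has no comment saying why an empty `pass_temp` must be rejected, and the next maintainer could easily drop it as redundant; add above it `// A user with no pending reset has an empty pass_temp; refuse before hashing so the token is never derivable without a prior request`. The `$result < 0` check two lines above only catches fetch errors — if `fetch()` returns 0 when no user matches `$username` (hedged, not visible here), the else branch still runs on an unloaded object and relies solely on the new guard, so `if ($result <= 0)` would state the intent directly. Since the hash is built from `pass_temp`, the link stays valid until that field changes; the success branch, which continues outside this section, should clear `pass_temp` once the new password is applied so the token is single-use.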

