From bbceac7a8034eb28c5178f6220ecd395471ec2d3 Mon Sep 17 00:00:00 2001
From: Oliver Rompcik <oliver@rompcik.de>
Date: Tue, 21 Oct 2014 23:44:32 +0200
Subject: [PATCH] Corrected password validation and creation of new user

---
 application/controllers/admin/user.php | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/application/controllers/admin/user.php b/application/controllers/admin/user.php
index 7ae14a78..3c64ade8 100755
--- a/application/controllers/admin/user.php
+++ b/application/controllers/admin/user.php
@@ -191,23 +191,21 @@ public function save()
 				)
 			);
 
-			// Existing
-			if ($id_user != FALSE)
+			// Passwords must match
+			if (($this->input->post('password') != '') &&
+				($this->input->post('password') == $this->input->post('password2')))
 			{
-				if (($this->input->post('password') != '' && $this->input->post('password2') != '') &&
-					($this->input->post('password') == $this->input->post('password2'))	)
-				{
-					$post['password'] = User()->encrypt($this->input->post('password'), $post);
-				}
-				else
-				{
-					unset($post['password'], $post['password2']);
-				}
+				$post['password'] = User()->encrypt($this->input->post('password'), $post);
 			}
-			// New
 			else
 			{
-				$post['password'] = User()->encrypt($this->input->post('password'), $post);
+				unset($post['password'], $post['password2']);
+			}
+
+			// New user?
+			if ($id_user == false)
+			{
+				$post['id_user'] = null;
 			}
 
 			// Save