BUG: refs #226. Don't send our password prefix with a password reset email

Author: zachmullen

core/controllers/UserController.php

@@ -93,25 +93,26 @@ function make_seed_recoverpass()
 
       $pass = "";
       $max = strlen($keychars) - 1;
-      for($i = 0;$i <= $length;$i++)
+      for($i = 0; $i <= $length; $i++)
         {
         $pass .= substr($keychars, rand(0, $max), 1);
         }
       $encrypted = md5($pass);
 
       $passwordPrefix = Zend_Registry::get('configGlobal')->password->prefix;
+      $salted = $pass;
       if(isset($passwordPrefix) && !empty($passwordPrefix))
         {
-        $pass = $passwordPrefix.$pass;
+        $salted = $passwordPrefix.$pass;
         }
 
-      $user->setPassword(md5($pass));
+      $user->setPassword(md5($salted));
 
       // Send the email
       $url = $this->getServerURL().$this->view->webroot;
 
       $text = "Hello,<br><br> You have asked for a new password for MIDAS.<br>";
-      $text .= "Please go to this page to login into MIDAS and change your password:<br>";
+      $text .= "Please go to this page to log in to MIDAS and change your password:<br>";
       $text .= "<a href=\"".$url."\">".$url."</a><br>";
       $text .= "Your new password is: ".$pass."<br>";
       $text .= "<br><br>Generated by MIDAS";