Logout nach automatischem Passwort-Rehash vermeiden (#6016)

redaxo · Mar 9, 2024 · 0fdb98a · 0fdb98a
1 parent c5a7bf8
commit 0fdb98a
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/redaxo/src/core/lib/login/backend_login.php b/redaxo/src/core/lib/login/backend_login.php
@@ -132,11 +132,13 @@ public function checkLogin()
                 $add = '';
                 if (($password = $this->user->getValue('password')) && self::passwordNeedsRehash($password)) {
                     $add .= 'password = ?, ';
-                    $params[] = self::passwordHash($this->userPassword, true);
+                    $params[] = $password = self::passwordHash($this->userPassword, true);
                 }
                 array_push($params, rex_sql::datetime(), rex_sql::datetime(), session_id(), $this->userLogin);
                 $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, lastlogin=?, session_id=? WHERE login=? LIMIT 1', $params);
 
+                $this->setSessionVar(self::SESSION_PASSWORD, $password);
+
                 if ($this->stayLoggedIn || $loggedInViaCookie) {
                     if (!$cookiekey || !$loggedInViaCookie) {
                         $cookiekey = base64_encode(random_bytes(64));