Attachment #289821 for bug #387167




   {
      $user = new User($this->args[1]);
      $dat = $_POST['user'];

      // saa 6 May 11
      // http://itissues.catholiccharities.com/details.aspx?iid=7982
      // enable password changing from the user profile edit page
      if ($dat['np1']!=$dat['np2'])
      {
       $_SESSION['flash'][]=Array('error', 'Passwords don\'t match...try again.');
       redirect_to(ADMIN_URL.'/users/edit/'.$this->args[1]);
      }
      if ($dat['np1']!='')
      {
       $passwdhash=md5($dat['np1']);
       $sql='update user set password=\''.$passwdhash.'\' where id='.$user->id;
       sql_query($sql);
      }
   
      //We don't want anyone modifying these properties
      //of their own profiles

Return to bug 387167

Lines 151-156 Link Here

(-)concerto-1.9.3-NoCAS/admin/app/users/controller.php (+15 lines)
151	{	151	{
152	$user = new User($this->args[1]);	152	$user = new User($this->args[1]);
153	$dat = $_POST['user'];	153	$dat = $_POST['user'];
		154
		155	// saa 6 May 11
		156	// http://itissues.catholiccharities.com/details.aspx?iid=7982
		157	// enable password changing from the user profile edit page
		158	if ($dat['np1']!=$dat['np2'])
		159	{
		160	$_SESSION['flash'][]=Array('error', 'Passwords don\'t match...try again.');
		161	redirect_to(ADMIN_URL.'/users/edit/'.$this->args[1]);
		162	}
		163	if ($dat['np1']!='')
		164	{
		165	$passwdhash=md5($dat['np1']);
		166	$sql='update user set password=\''.$passwdhash.'\' where id='.$user->id;
		167	sql_query($sql);
		168	}
154		169
155	//We don't want anyone modifying these properties	170	//We don't want anyone modifying these properties
156	//of their own profiles	171	//of their own profiles