Admin CP: Staff Data

[Kevin]

It seems after a staff member uses the change your password tool everyone in the table's password gets messed up. So nobody can log in. It's happened 4 or so times now. And it's getting annoying. Any ideas, Jonny? We haven't been able to narrow down exactly when or how this happens, however.

[Jonny]

I'll check when I've got time. Ask your staff members not to use the feature.

[Joshuam08]

I am not 100% sure, but in ./admin/pages/pass.php:

PHP Code:

$newpass =     md5(md5($main->postvar['new']) . md5($data['salt']));
                            $db->query("UPDATE `<PRE>staff`  SET `password` = '{$newpass}'");
                            $main->errors("Password changed!"); 


There isn't anything specifying which user's pass to change. I think it should be something like this:

PHP Code:

$newpass =     md5(md5($main->postvar['new']) . md5($data['salt']));
                            $db->query("UPDATE `<PRE>staff` WHERE `$user` SET `password` = '{$newpass}'");
                            $main->errors("Password changed!"); 


[Kevin]

This is what we have for the latest development version of THT.

PHP Code:

$newpass = md5(md5($main->postvar['new']) . md5($data['salt']));
$db->query("UPDATE `<PRE>staff` SET `password` = '{$newpass}' WHERE `id` = '{$_SESSION['user']}'");
$main->errors("Password changed!"); 


If this problem still exists after 1.2, then it probably has to do something with the salt.