Commit 001d1bce authored by drsassafras's avatar drsassafras

[FIX] Resolved bug where admin account could not change password upon new install.

parent f4a3b73f
......@@ -1536,14 +1536,14 @@ class UsersLib extends TikiLib
$userUpper =TikiLib::strtoupper($user);
// first verify that the user exists
$query = 'select `userId`,`login`,`waiting`, `hash`, `email`,`valid` from `users_users` where upper(`login`) = ?';
$query = 'select `userId`,`login`,`waiting`, `hash`, `email`,`valid`,`password` from `users_users` where upper(`login`) = ?';
$result = $this->query($query, array($userUpper));
switch ($result->numRows()) {
case 0:
if ($prefs['login_allow_email']) { //if no users found, check check if email is being used to login
$query = 'select `userId`,`login`,`waiting`, `hash`, `email`,`valid` from `users_users` where upper(`email`) = ?';
$query = 'select `userId`,`login`,`waiting`, `hash`, `email`,`valid`,`password` from `users_users` where upper(`email`) = ?';
$result = $this->query($query, array($userUpper));
if ($result->numRows() > 1) {
return array(EMAIL_AMBIGUOUS, $user); // if there is more than one user with that email
......@@ -1566,19 +1566,20 @@ class UsersLib extends TikiLib
$user = $res['login'];
// check for account flags
if ($res['waiting'] == 'u' || 'a'){ // if account is in validation mode.
if ($res['waiting'] == 'u'){ // if account is in validation mode.
if ($pass == $res['valid']) // if user sucessfully provies code from email
if ($pass == $res['valid']) // if user successfully provides code from email
return array(USER_VALID, $user);
return array(ACCOUNT_WAITING_USER, $user); // if code validation fails, (or user tries to log in before verifying)
if ($res['waiting'] == 'a')
return array(ACCOUNT_DISABLED, $user);
}else if ($res['waiting'] == 'a') { // if account needs administrator validation
if ($pass == $res['valid']) // if admin successfully validates account
return array(USER_VALID, $user);
else return array(ACCOUNT_DISABLED, $user);
if ($validate_phase)
return array(USER_PREVIOUSLY_VALIDATED, $user); // if email verifycation code is used an a validated account, deny.
return array(USER_PREVIOUSLY_VALIDATED, $user); // if email verification code is used an a validated account, deny.
// next verify the password with every hashes methods
......@@ -1605,6 +1606,9 @@ class UsersLib extends TikiLib
return array(USER_VALID, $user);
if (($res['password']) && $res['password'] === $pass){ // plain text password verification, currently only used in admin account activation.
return array(USER_VALID, $user);}
return array(PASSWORD_INCORRECT, $user);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment