Fix password change code

master
Thomas Hooge 2 years ago
parent cb7f8ef649
commit 7d6450706f
  1. 5
      submit.php

@ -953,12 +953,13 @@ if (isset($_POST['edit'])) {
$user = $db->db_select($query);
if(!strcmp(md5($user_currentpass), $user[0]['user_pass'])) {
if (password_verify($user_currentpass, $user[0]['user_pass'])) {
if(!strcmp($user_newpass1, $user_newpass2)) {
$newhash = password_hash($user_newpass1, PASSWORD_BCRYPT);
$query = "UPDATE
user
SET
user_pass='" . md5($user_newpass1) . "'
user_pass='" . $newhash . "'
WHERE
user_id=" . $user_id;