Details
-
Bug
-
Resolution: Fixed
-
Medium
-
4.2.0
-
None
-
Operating System: Linux and Windows
PHP Version: (please be specific, like '4.4.3' or '5.1.5') 5.2.0
Database and version: MySQL 5.1.36
Browser (and version): IE8 and Firefox 3.5.7
Description
When //UpdateHash// is //enabled// and //AuthenticateMatch// is set to //login;email// updating hash to //md5_user/ can result in wrong hash being stored in the database.
The new hash can be generated from the concatenation of //email and password// instead of //login and password//. In the //eZUser::createHash// call the variable //$login// is used instead of //$userRow['login']//.
Steps to reproduce
Change hash type from //md5_password// to //md5_user//. Login with an email (not login name).