login/pass: set user cookie after token reset

Value became invalid after changes to hashing and edit page.

diff --git a/login/pass.inc.php b/login/pass.inc.php
index 59679048eda00ef3f7341638524b75f8d03c42e0..986b4c262a91d4b8e8515c14423f24726bb027a0 100644 (file)
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -1,5 +1,5 @@
 <?php
-function passform($user, $input = [])
+function passform(&$user, $input = [])
 {
        if (empty($user)) {
                return "Log eerst (opnieuw?) in.";
@@ -43,7 +43,7 @@ function passform($user, $input = [])
 
        @unlink("{$user['dir']}/.token"); # invalidate reset token
 
-       $authhash = md5($input['newpass']);
+       $authhash = md5($passstore);
        $user['auth'] = "{$user['name']}:$authhash";
        if ($GLOBALS['User'] === $user) {
                login_setcookie();