From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 10 Feb 2019 07:58:52 +0000 (+0100)
Subject: login/pass: set user cookie after token reset
X-Git-Tag: v3.9~15
X-Git-Url: http://git.shiar.net/minimedit.git/commitdiff_plain/2c6e2002d6e1c0545d130687bae5e2174b274345

login/pass: set user cookie after token reset

Value became invalid after changes to hashing and edit page.
---

diff --git a/login/pass.inc.php b/login/pass.inc.php
index 5967904..986b4c2 100644
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -1,5 +1,5 @@
 <?php
-function passform($user, $input = [])
+function passform(&$user, $input = [])
 {
 	if (empty($user)) {
 		return "Log eerst (opnieuw?) in.";
@@ -43,7 +43,7 @@ function passform($user, $input = [])
 
 	@unlink("{$user['dir']}/.token"); # invalidate reset token
 
-	$authhash = md5($input['newpass']);
+	$authhash = md5($passstore);
 	$user['auth'] = "{$user['name']}:$authhash";
 	if ($GLOBALS['User'] === $user) {
 		login_setcookie();