Closed by mesaugat 7 years ago
https://github.com/ZF-Commons/ZfcUser/blob/1.x/src/ZfcUser/Authentication/Adapter/Db.php#L118-L127
This looks like the issue with the code here. Line 124 should handle hashing the password....
What exact version of ZfcUser are you seeing this with? This is potentially a very big issue from a data security standpoint, aside from the fact that the user can no longer log in.
@Rockstar04 That is not what I am talking about. So let's say you are logged in and changing your password via the change password form:
1) You input your new password
2) You input your new password again
3) But you input your old password (current password) incorrectly
This will result in a redirect to the zfcuser/changepassword route when you submit the form. I think we should be triggering an event or setting some error messages when this happens so that when it redirects we know what went wrong.
Yup, I had multiple issues open and commented on the wrong one (meant to comment that on #611)... Go me! Sorry about that.
While changing the password, if the user does not input his/her current password correctly, it just redirects to the change-password route. How are we supposed to know what happened? How can we set some error messages before redirection for this case?
https://github.com/ZF-Commons/ZfcUser/blob/1.x/src/ZfcUser/Service/User.php#L117-L119
Similar situation for change-email: https://github.com/ZF-Commons/ZfcUser/blob/1.x/src/ZfcUser/Service/User.php#L138-L140
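The behaviour requested in this thread, as an added example that is not ZfcUser code and not from any participant: a change-password handler that reports a rejected current password through a failure callback and a flash message before redirecting. Apart from the `zfcuser/changepassword` route name quoted above, every function, class, field and route name here is hypothetical, and the user record is constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical result codes; ZfcUser's own service is not reproduced here.
final class ChangePasswordResult
{
    public const OK = 'ok';
    public const BAD_CREDENTIAL = 'bad_credential';
}

/** Verifies the current password before storing a hash of the new one. */
function changePassword(array &$user, string $current, string $new, callable $onFailure): string
{
    if (!password_verify($current, $user['hash'])) {
        // Notify listeners (audit log, throttling) instead of failing silently.
        $onFailure($user['id']);
        return ChangePasswordResult::BAD_CREDENTIAL;
    }
    $user['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return ChangePasswordResult::OK;
}

/** Controller-style handler: records a flash message, then returns the redirect route. */
function handleChangePassword(array &$user, array $post, array &$session, callable $onFailure): string
{
    if ($post['new'] !== $post['new_verify']) {
        $session['flash'][] = 'The new passwords do not match.';
        return 'zfcuser/changepassword';
    }
    $result = changePassword($user, $post['current'], $post['new'], $onFailure);
    if ($result === ChangePasswordResult::BAD_CREDENTIAL) {
        $session['flash'][] = 'Your current password is incorrect.';
        return 'zfcuser/changepassword';
    }
    $session['flash'][] = 'Password changed.';
    return 'zfcuser'; // hypothetical profile route
}

// Constructed sample data reproducing step 3 of the report: wrong current password.
$user = ['id' => 42, 'hash' => password_hash('old-secret', PASSWORD_DEFAULT)];
$session = ['flash' => []];
$audit = [];
$log = function (int $id) use (&$audit): void {
    $audit[] = "password change rejected for user $id";
};

$post = ['current' => 'wrong', 'new' => 'n3w-secret', 'new_verify' => 'n3w-secret'];
$route = handleChangePassword($user, $post, $session, $log);
printf("redirect: %s\nflash: %s\naudit: %s\n", $route, implode('; ', $session['flash']), implode('; ', $audit));
```

The same pattern applies to the change-email path mentioned above, since it also depends on verifying the current password.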