google-code-export / yii-user

Automatically exported from code.google.com/p/yii-user

problem of password comparison in AdminController.php #76

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
In /controllers/AdminController.php line 110
There is code like this:

line 110: if ($old_password->password!=$model->password) {

I notice that $old_password->password is read from the database, which is encrypted.
However, $model->password is input by the admin, which is NOT encrypted.
So it is meaningless to compare these two passwords.

Original issue reported on code.google.com by linjians...@gmail.com on 29 Mar 2011 at 12:26

GoogleCodeExporter commented 9 years ago
This field contains the password hash!

Original comment by mish...@gmail.com on 29 Mar 2011 at 2:38
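
An added PHP example, not code from yii-user or from either commenter: it contrasts the two comparisons at issue in this thread, detecting an unchanged password field on an admin update versus verifying a plaintext password against a stored hash. It assumes the edit form returns the stored hash when the field is left untouched; the function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; passwordToStore() and passwordMatches() are hypothetical names.

/**
 * Decide what to write to the password column on an admin "update user" POST.
 * Assumption: an untouched password field comes back equal to the stored hash.
 */
function passwordToStore(string $storedHash, string $submitted): string
{
    // Unchanged field: the submitted value is the stored hash itself, so keep it.
    // Hashing it again here would silently replace the user's password.
    if (hash_equals($storedHash, $submitted)) {
        return $storedHash;
    }
    // Any other value is treated as a new plaintext password and hashed once.
    return password_hash($submitted, PASSWORD_DEFAULT);
}

/**
 * Login-style check: the input is plaintext, so it has to be verified
 * against the hash rather than compared to it with == or !=.
 */
function passwordMatches(string $storedHash, string $plaintext): bool
{
    return password_verify($plaintext, $storedHash);
}

// Constructed sample data.
$stored = password_hash('old-secret', PASSWORD_DEFAULT);

// Case 1: the form is saved without touching the password field.
echo 'unchanged field keeps hash: ';
var_dump(passwordToStore($stored, $stored) === $stored);

// Case 2: the admin types a new password; it is hashed before storage.
$new = passwordToStore($stored, 'new-secret');
echo 'new password stored as hash: ';
var_dump($new !== 'new-secret' && passwordMatches($new, 'new-secret'));

// Case 3: plaintext compared directly with the hash always differs,
// which is the situation the reporter describes.
echo 'plaintext != hash: ';
var_dump('old-secret' != $stored);
echo 'password_verify on the same input: ';
var_dump(passwordMatches($stored, 'old-secret'));
```

Under the same assumption, the stored hash is present in the rendered edit form; rendering the field empty and treating an empty submission as "unchanged" avoids exposing it.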