From 8c6193d22f17f4c0a8c2a38530d9b9b30f8bb944 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Sat, 2 Jul 2016 11:53:40 +0200
Subject: [PATCH] fix Scrutinizer "bugs"
---
 api/src/Auth/Sql.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/api/src/Auth/Sql.php b/api/src/Auth/Sql.php
index fcd22016f2..0d50b78c29 100644
--- a/api/src/Auth/Sql.php
+++ b/api/src/Auth/Sql.php
@@ -90,10 +90,9 @@ class Sql implements Backend
 }
 }
 }
- if ($match)
+ if ($match && ($encrypted_passwd = Api\Auth::encrypt_sql($passwd)))
 {
- $encrypted_passwd = Api\Auth::encrypt_sql($passwd);
- $this->_update_passwd($encrypted_passwd,$passwd,$row['account_id'],false,true);
+ $this->_update_passwd($encrypted_passwd, $row['account_id'], false, true);
 }
 }
 if (!$match) return false;
@@ -229,8 +228,13 @@ class Sql implements Backend
 return false;
 }

+ if (!($encrypted_passwd = Api\Auth::encrypt_sql($new_passwd)))
+ {
+ return false;
+ }
+
 // old password ok, or admin called the function from the admin application (no old passwd available).
- return $this->_update_passwd(Api\Auth::encrypt_sql($new_passwd),$new_passwd,$account_id,$admin);
+ return $this->_update_passwd($encrypted_passwd, $account_id, $admin);
 }

 /**
@@ -243,10 +247,8 @@ class Sql implements Backend
 * @param boolean $update_lastpw_change =true
 * @return boolean true if password successful changed, false otherwise
 */
- private function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=false,$update_lastpw_change=true)
+ private function _update_passwd($encrypted_passwd, $account_id, $admin=false, $update_lastpw_change=true)
 {
- unset($new_passwd); // not used, but required by function signature
-
 $update = array('account_pwd' => $encrypted_passwd);
 if ($update_lastpw_change) $update['account_lastpwd_change'] = time();
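Review bot: In the `@@ -90,10 +90,9 @@` hunk the stored-hash update after a successful match is now skipped without any trace when `Api\Auth::encrypt_sql($passwd)` returns a falsy value, and the result of `_update_passwd()` is still discarded, so the account keeps whatever hash it had and nobody is told. The `@@ -229,8 +228,13 @@` hunk has the same silent path: a hashing failure returns `false` exactly like a wrong old password, so the caller cannot tell the two apart. I would log the failure with the account id only, never the password, e.g. `else if ($match) error_log(__METHOD__.': re-hashing password failed for account_id='.$row['account_id']);` in the first hunk and an equivalent `error_log()` before the new `return false;` in the second. Separately, the first call still passes `true` for `$update_lastpw_change`, which per the third hunk sets `account_lastpwd_change` to `time()` although the user chose no new password; please confirm that is intended, since it would restart any password-age check. Both enclosing methods start outside the hunks, so the reading of the first call site as a login-time re-hash is inferred from the visible lines.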