Skip to:
Content

BuddyPress.org

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#8539 closed defect (bug) (fixed)

[Bug] New Password That Changed From Profile Settings Does Not Work

Reported by: mandro's profile mandro Owned by: imath's profile imath
Milestone: 9.1.0 Priority: high
Severity: major Version: 9.0.0
Component: Settings Keywords: needs-testing has-patch
Cc:

Description

Dear BuddyPress Team.

I found an important on BuddyPress

After change password from the Profile Settings, please logout. And then, if your try to login, the New Password will not works.

https://snipboard.io/qerD8l.jpg

I check the database and found the user password format does not changed to MD5.

Attachments (1)

8539.patch (3.0 KB) - added by imath 3 years ago.

Download all attachments as: .zip

Change History (6)

#1 @imath
3 years ago

  • Milestone changed from Awaiting Review to 9.1.0

Thanks for your report @mandro

I confirm the issue. This is pretty annoying. We'll try to fix it asap.

@imath
3 years ago

#2 @imath
3 years ago

  • Keywords has-patch added

The attached patch should fix the password issue, but I need to make sure it has no side effects on the email change feature.

I'll run some complementary tests asap.

#3 @imath
3 years ago

In 13031:

Settings: Make sure changing pwd from the General Screen encrypts it

Using a WP_User object to set the password to update was misleading WordPress wp_update_user() function. The new password was interpreted as the current password and was not encrypted.

Passing a regular array to the wp_update_user() function avoids the risk of messing with WP User object cache.

Props mandro

See #8539 (branch 9.0)

#4 @imath
3 years ago

  • Owner set to imath
  • Resolution set to fixed
  • Status changed from assigned to closed

In 13032:

Settings: Make sure changing pwd from the General Screen encrypts it

Using a WP_User object to set the password to update was misleading WordPress wp_update_user() function. The new password was interpreted as the current password and was not encrypted.

Passing a regular array to the wp_update_user() function avoids the risk of messing with WP User object cache.

Props mandro

Fixes #8539 (trunk)

This ticket was mentioned in Slack in #buddypress by shanebp. View the logs.


3 years ago

Note: See TracTickets for help on using tickets.