[eluser]Muser[/eluser]
[quote author="splufdaddy" date="1228623004"]I think I found a bug with the change_password function.
When you're generating the new password, your escaping the salt and the new password individually inside the md5. That was causing the password_hash to be in effect:
Code:
md5("'SALT'"."'newpassword'")
I changed line 763 to this, and the change password function generates the correct password:
Code:
$password_hash = $encryption_method(str_replace("%password%", $new_password, str_replace("%salt%",$salt, str_replace(".", "", $this->encryption_order))));
Let me know if you can replicate this. Before I changed that code, I couldn't log in after changing my password.[/quote]
Me too, I couldn't log when I've changed password. Changing the line you said now works OK!
Thank you