Here is the situation. We updated to patch 1 of v6.
The issue at hand is that the users can’t set their own passwords. Admin cannot reset anyone’s password.
In the AuthUtils.php file, when I run this query directly. It returns a result. No problem.
However, when I try to change my password I get a Password update error. I numbered the error messages since so many of them are exactly the same.
$userSQL = "SELECT `password`, `password_history1`, `password_history2`, `password_history3`, `password_history4`" .
" FROM `users_secure`" .
" WHERE `id` = ?";
$userInfo = privQuery($userSQL, [$targteUser]);
// Verify the active user's password
$changingOwnPassword = $activeUser == $targetUser;
// True if this is the current user changing their own password
if ($changingOwnPassword) {
if ($create) {
$this->errorMessage = xl("Trying to create user with existing username!");
$this->clearFromMemory($currentPwd);
$this->clearFromMemory($newPwd);
return false;
}
if (empty($userInfo['password'])) {
$this->errorMessage = xl("Password update error!2");
$this->clearFromMemory($currentPwd);
$this->clearFromMemory($newPwd);
return false;
}
The system is coming back with an empty password.
When the FetchRow() is run it comes back empty. I have been unsuccessful in finding the class where FetchRow() lives. Can anyone tell me where this function lives in the system?
function privQuery($sql, $params = null)
{
$recordset = privStatement($sql, $params);
if ($recordset->EOF) {
return false;
}
$rez = $recordset->FetchRow();
if ($rez == false) {
return false;
}
return $rez;
}