user_pass_rehash() requires a 4th uid arg

Missing argument 4 for user_pass_rehash(), called in
login_one_time/login_one_time.module
on line 671 and defined in /modules/user/user.module
on line 1490.

CommentFileSizeAuthor
#9 user_pass_rehash-2672008-9.patch801 byteskarlshea
#2 user_pass_rehash-2672008-2.patch862 bytesjoelpittet

Comments

joelpittet created an issue. See original summary.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented
Issue summary: View changes
Status: Active » Needs review
StatusFileSize
new user_pass_rehash-2672008-2.patch862 bytes
vaibhav29’s picture

vaibhav29 commented

Hi joelpittet,
Thanks for the working patch. Its already implemented in D7.
If you are still using D6, Please try to upgrade in D7 or D8.

bapi_22’s picture

bapi_22 commented
Assigned: Unassigned » bapi_22

  • joelpittet authored 4aa8e1a on 6.x-2.x 
    Issue #2672008 by joelpittet, celeritytech, bapi_22: user_pass_rehash()...
bapi_22’s picture

bapi_22 commented
Status: Needs review » Fixed

Merged the patch with 6.x-2.x-dev.

joelpittet’s picture

joelpittet
he/him
Primary language English
Location Vancouver
commented

Thanks for committing this. I'm planning an upgrade, that's why I touched this;)

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

karlshea’s picture

karlshea
he/him
Primary language English
Location Minneapolis 🇺🇸
commented
Status: Closed (fixed) » Active
StatusFileSize
new user_pass_rehash-2672008-9.patch801 bytes

This is still broken. The email sends a link with a hash generated by login_one_time_get_hash, which is then compared to the hash returned by user_pass_rehash which now doesn't match.

Attached is a patch against dev that removes login_one_time_get_hash and updates the email to use user_pass_rehash to match the comparison.

karlshea’s picture

karlshea
he/him
Primary language English
Location Minneapolis 🇺🇸
commented
Status: Active » Needs review
bapi_22’s picture

bapi_22 commented

Hi KarlShea,

Thanks for the update & patch. I think it was not related to the issue related to 4th arguments.

In earlier version of drupal 6 user_pass_rehash function returns md5 hash. So Its was working. But in latest version of drupal 6 the logic has been changed and returns drupal_hmac_base64 instead of md5. It has already implemented in drupal 7. So you can create another issue regarding the same and submit the patch again.

karlshea’s picture

karlshea
he/him
Primary language English
Location Minneapolis 🇺🇸
commented
Status: Needs review » Closed (fixed)