When I change any user’s password as admin, the error message “Your password is invalid.” is always returned.
I have checked the code and discovered the cause at line 35 in /concrete/controllers/single_page/dashboard/users/search.php.
    if ($this->canEditPassword && !empty($this->request->request->get('uPasswordNew'))) {
        $passwordMine = (string) $this->request->request->get('uPasswordMine');
        $passwordNew = $this->request->request->get('uPasswordNew');
        $passwordNewConfirm = $this->request->request->get('uPasswordNewConfirm');
        $this->app->make('validator/password')->isValidFor($passwordNew, $this->user, $error);
        if ($passwordNew) {
            // maybe here
            $me = $this->app->make(User::class)->getUserInfoObject();
            // \Log::debug($me->getUserName()) => admin
            if (!$me->passwordMatches($passwordMine)) {
                $error->add(t('Your password is invalid.'));
            }
            if ($passwordNew != $passwordNewConfirm) {
                $error->add(t('The two passwords provided do not match.'));
            }
        }
        $data['uPasswordConfirm'] = $passwordNew;
        $data['uPassword'] = $passwordNew;
    }
The code below gets the admin’s (current user’s) object, not the target user whose password is being changed.

    $me = $this->app->make(User::class)->getUserInfoObject();

As a test, I changed the code as below. Changing the user’s password worked correctly.

    $me = $this->user;
Concrete 9.1.3
PHP 7.4
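
The following is an added example, not part of the original post and not Concrete CMS code: a stand-alone model of the `passwordMatches()` check in the quoted snippet, showing which stored password the submitted `uPasswordMine` value is compared against under each of the two assignments to `$me`. `DemoUserInfo`, `checkPasswordMine()` and the account names and passwords are hypothetical, constructed for the illustration.

```php
<?php
// Added illustration: a minimal stand-in for the user object, not Concrete CMS code.
final class DemoUserInfo
{
    private string $name;
    private string $hash;

    public function __construct(string $name, string $password)
    {
        $this->name = $name;
        $this->hash = password_hash($password, PASSWORD_DEFAULT);
    }

    public function getUserName(): string
    {
        return $this->name;
    }

    // Plays the role of passwordMatches() in the quoted snippet.
    public function passwordMatches(string $candidate): bool
    {
        return password_verify($candidate, $this->hash);
    }
}

// Mirrors the quoted check: $me is whichever object the controller assigned.
function checkPasswordMine(DemoUserInfo $me, string $uPasswordMine): array
{
    $errors = [];
    if (!$me->passwordMatches($uPasswordMine)) {
        $errors[] = 'Your password is invalid.';
    }
    return $errors;
}

// Constructed sample accounts and passwords.
$admin  = new DemoUserInfo('admin', 'admin-secret');   // the logged-in user
$target = new DemoUserInfo('editor', 'editor-secret'); // the user being edited

$cases = [
    'original ($me = logged-in user)' => $admin,
    'modified ($me = $this->user)'    => $target,
];
foreach ($cases as $label => $me) {
    // '' is what the (string) cast in the snippet yields when uPasswordMine is absent.
    foreach (['admin-secret', 'editor-secret', ''] as $submitted) {
        $ok = checkPasswordMine($me, $submitted) === [];
        printf("%-32s uPasswordMine=%-16s => %s\n", $label, var_export($submitted, true), $ok ? 'accepted' : 'rejected');
    }
}
```

With the original assignment only the logged-in admin's own password is accepted in `uPasswordMine`; with the modified assignment only the target user's current password is accepted and the admin's own password is no longer checked. An absent or empty `uPasswordMine` is rejected in both cases.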