From 2c6e2002d6e1c0545d130687bae5e2174b274345 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 10 Feb 2019 08:58:52 +0100
Subject: [PATCH] login/pass: set user cookie after token reset

Value became invalid after changes to hashing and edit page.
---
 login/pass.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/login/pass.inc.php b/login/pass.inc.php
index 5967904..986b4c2 100644
--- a/login/pass.inc.php
+++ b/login/pass.inc.php
@@ -1,5 +1,5 @@
 <?php
-function passform($user, $input = [])
+function passform(&$user, $input = [])
 {
 	if (empty($user)) {
 		return "Log eerst (opnieuw?) in.";
@@ -43,7 +43,7 @@ function passform($user, $input = [])
 
 	@unlink("{$user['dir']}/.token"); # invalidate reset token
 
-	$authhash = md5($input['newpass']);
+	$authhash = md5($passstore);
 	$user['auth'] = "{$user['name']}:$authhash";
 	if ($GLOBALS['User'] === $user) {
 		login_setcookie();
-- 
2.30.0