From 57b1af03188120e4e76b8e1304123b724dd25aca Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sat, 18 Dec 2010 00:56:18 +0000
Subject: - Patch #991270 by carlos8f, chx: password_count_log2 var out of
 bounds is a sorry mess.

---
 modules/user/user.module | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'modules/user/user.module')

diff --git a/modules/user/user.module b/modules/user/user.module
index d464a7a7b..5411d35e9 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2169,7 +2169,7 @@ function user_login_final_validate($form, &$form_state) {
 function user_authenticate($name, $password) {
   $uid = FALSE;
   if (!empty($name) && !empty($password)) {
-    $account = db_query("SELECT * FROM {users} WHERE name = :name AND status = 1", array(':name' => $name))->fetchObject();
+    $account = user_load_by_name($name);
     if ($account) {
       // Allow alternate password hashing schemes.
       require_once DRUPAL_ROOT . '/' . variable_get('password_inc', 'includes/password.inc');
@@ -2181,10 +2181,7 @@ function user_authenticate($name, $password) {
         if (user_needs_new_hash($account)) {
           $new_hash = user_hash_password($password);
           if ($new_hash) {
-            db_update('users')
-              ->fields(array('pass' => $new_hash))
-              ->condition('uid', $account->uid)
-              ->execute();
+            user_save($account, array('pass' => $new_hash));
           }
         }
       }
-- 
cgit v1.2.3