Logic was inversed; new password was only being saved if a plugin claimed the event; so when no auth plugin was present to take it, passwords never got saved.
- if(! Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))){
+ if(Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))){
//no handler changed the password, so change the password internally
$original = clone($user);
//no handler changed the password, so change the password internally
$original = clone($user);