From 5714d5814873a1a329f43e1738bcefcb746a0e9a Mon Sep 17 00:00:00 2001
From: Roland Haeder <roland@mxchange.org>
Date: Thu, 11 Sep 2014 20:21:36 +0200
Subject: [PATCH] Fixed: 'hash' is always a GET parameter and it is
 'admin_login', not 'login' which is dedicated for users.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Roland HÃ¤der <roland@mxchange.org>
---
 inc/modules/admin.php                                | 12 ++++++------
 .../de/html/admin/admin_reset_password_form.tpl      |  2 +-
 .../de/html/admin/admin_validate_reset_hash_form.tpl |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/inc/modules/admin.php b/inc/modules/admin.php
index 1807ee960f..b808412783 100644
--- a/inc/modules/admin.php
+++ b/inc/modules/admin.php
@@ -58,18 +58,15 @@ if (!isAdminRegistered()) {
 	if ((isPostRequestElementSet('send_link')) && (isPostRequestElementSet('email'))) {
 		// Output result
 		displayMessage(sendAdminPasswordResetLink(postRequestElement('email')));
-	} elseif (isGetRequestElementSet('hash')) {
-		// Output form for hash validation
-		loadTemplate('admin_validate_reset_hash_form', FALSE, getRequestElement('hash'));
-	} elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isPostRequestElementSet('hash'))) {
+	} elseif ((isPostRequestElementSet('validate_hash')) && (isPostRequestElementSet('admin_login')) && (isGetRequestElementSet('hash'))) {
 		// Validate the login data and hash
-		$valid = adminResetValidateHashLogin(postRequestElement('hash'), postRequestElement('admin_login'));
+		$valid = adminResetValidateHashLogin(getRequestElement('hash'), postRequestElement('admin_login'));
 
 		// Valid?
 		if ($valid === TRUE) {
 			// Prepare content first
 			$content = array(
-				'hash'        => postRequestElement('hash'),
+				'hash'        => getRequestElement('hash'),
 				'admin_login' => postRequestElement('admin_login')
 			);
 
@@ -88,6 +85,9 @@ if (!isAdminRegistered()) {
 			// Validation failed
 			displayMessage('{--ADMIN_VALIDATION_RESET_LOGIN_HASH_FAILED2--}');
 		}
+	} elseif (isGetRequestElementSet('hash')) {
+		// Output form for hash validation
+		loadTemplate('admin_validate_reset_hash_form', FALSE, getRequestElement('hash'));
 	} else {
 		// Output reset password form
 		loadTemplate('admin_reset_password_send_link');
diff --git a/templates/de/html/admin/admin_reset_password_form.tpl b/templates/de/html/admin/admin_reset_password_form.tpl
index 23fa98a480..94053a63d9 100644
--- a/templates/de/html/admin/admin_reset_password_form.tpl
+++ b/templates/de/html/admin/admin_reset_password_form.tpl
@@ -38,7 +38,7 @@
 <tr>
 	<td class="table_footer" colspan="2">
 		<input type="hidden" name="hash" value="$content[hash]" />
-		<input type="hidden" name="login" value="$content[admin_login]" />
+		<input type="hidden" name="admin_login" value="$content[admin_login]" />
 		<input type="reset" class="form_reset" value="{--CLEAR_FORM--}" />
 		<input type="submit" class="form_submit" name="reset_pass" value="{--ADMIN_RESET_PASSWORD_SUBMIT--}" />
 	</td>
diff --git a/templates/de/html/admin/admin_validate_reset_hash_form.tpl b/templates/de/html/admin/admin_validate_reset_hash_form.tpl
index e75c08a14d..9b5995cb4c 100644
--- a/templates/de/html/admin/admin_validate_reset_hash_form.tpl
+++ b/templates/de/html/admin/admin_validate_reset_hash_form.tpl
@@ -12,7 +12,7 @@
 		{--ADMIN_ENTER_LOGIN--}
 	</td>
 	<td class="bottom">
-		<input type="text" class="form_field" name="login" size="20" maxlength="255" />
+		<input type="text" class="form_field" name="admin_login" size="20" maxlength="255" />
 	</td>
 </tr>
 
-- 
2.39.5

