From bcc986fa118c755b9d9217ea7a953863cfbb31a3 Mon Sep 17 00:00:00 2001
From: floppy0 <31189947+floppy0@users.noreply.github.com>
Date: Mon, 15 Jan 2018 17:13:46 +0100
Subject: [PATCH] Bug fix for #606

---
 bl-kernel/dbusers.class.php | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/bl-kernel/dbusers.class.php b/bl-kernel/dbusers.class.php
index c77dc558..c78cf50f 100644
--- a/bl-kernel/dbusers.class.php
+++ b/bl-kernel/dbusers.class.php
@@ -79,14 +79,21 @@ class dbUsers extends dbJSON
 		$user = $this->db[$args['username']];
 
 		// Verify arguments with the database fields
-		foreach($args as $field=>$value) {
-			if( isset($this->dbFields[$field]) ) {
+		foreach ($args as $field=>$value) {
+			if (isset($this->dbFields[$field])) {
 				$value = Sanitize::html($value);
 				settype($value, gettype($this->dbFields[$field]['value']));
 				$user[$field] = $value;
 			}
 		}
 
+		// Set a new password
+		if (!empty($args['password'])) {
+			$user['salt'] = $this->generateSalt();
+			$user['password'] = $this->generatePasswordHash($args['password'], $user['salt']);
+			$user['tokenAuth'] = $this->generateAuthToken();
+		}
+
 		// Save the database
 		$this->db[$args['username']] = $user;
 		return $this->save();
@@ -142,14 +149,8 @@ class dbUsers extends dbJSON
 
 	public function setPassword($username, $password)
 	{
-		$salt = $this->generateSalt();
-		$hash = $this->generatePasswordHash($password, $salt);
-		$tokenAuth = $this->generateAuthToken();
-
 		$args['username']	= $username;
-		$args['salt']		= $salt;
 		$args['password']	= $hash;
-		$args['tokenAuth']	= $tokenAuth;
 
 		return $this->set($args);
 	}
@@ -221,4 +222,4 @@ class dbUsers extends dbJSON
 		}
 		return $tmp;
 	}
-}
\ No newline at end of file
+}