--- FrontendLoginController.php 2019-02-17 10:32:42.484906371 +0000
+++ FrontendLoginController.php 2019-02-17 10:42:05.201257798 +0000
@@ -372,7 +372,8 @@ class FrontendLoginController extends Ab
 $_params = [
 'user' => $user,
 'newPassword' => $newPass,
- 'newPasswordUnencrypted' => $postData['password1']
+ 'newPasswordUnencrypted' => $postData['password1'],
+ 'passwordValid' => TRUE
 ];
 foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['felogin']['password_changed'] as $_funcRef) {
 if ($_funcRef) {
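Review bot: The new `'passwordValid' => TRUE` entry makes the hook veto fail-open and last-writer-wins. The flag starts out as accepted and is read only once after the `foreach`, so if every hook receives the same `$_params` by reference (the call itself is on a line outside both hunks), a later hook can overwrite an earlier hook's rejection. Consider combining the per-hook results so that one rejection is final, and state the contract next to the key, e.g. `// hooks set this to false to veto the change; a veto must not be cleared by a later hook`. The constant is also written `TRUE` where the surrounding code uses lowercase (`$done = true;`).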
@@ -380,34 +381,41 @@ class FrontendLoginController extends Ab
 }
 }
 $newPass = $_params['newPassword'];
+ $hookPasswordValid = $_params['passwordValid'];
+ }
+ else {
+ $hookPasswordValid = TRUE;
 }
- // Save new password and clear DB-hash
- $userTable = $this->frontendController->fe_user->user_table;
- $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
- $queryBuilder->getRestrictions()->removeAll();
- $queryBuilder->update($userTable)
- ->set('password', $newPass)
- ->set('felogin_forgotHash', '')
- ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
- ->where(
- $queryBuilder->expr()->eq(
- 'uid',
- $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+ // Change Password only if Hook returns valid
+ if ($hookPasswordValid) {
+ // Save new password and clear DB-hash
+ $userTable = $this->frontendController->fe_user->user_table;
+ $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($userTable);
+ $queryBuilder->getRestrictions()->removeAll();
+ $queryBuilder->update($userTable)
+ ->set('password', $newPass)
+ ->set('felogin_forgotHash', '')
+ ->set('tstamp', (int)$GLOBALS['EXEC_TIME'])
+ ->where(
+ $queryBuilder->expr()->eq(
+ 'uid',
+ $queryBuilder->createNamedParameter($user['uid'], \PDO::PARAM_INT)
+ )
 )
- )
- ->execute();
+ ->execute();
- $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
- 'change_password_done_message',
- $this->conf['changePasswordDoneMessage_stdWrap.']
- );
- $done = true;
- $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
- $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
- htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
- [$this->prefixId . '[redirectReferrer]' => 'off']
- );
+ $markerArray['###STATUS_MESSAGE###'] = $this->getDisplayText(
+ 'change_password_done_message',
+ $this->conf['changePasswordDoneMessage_stdWrap.']
+ );
+ $done = true;
+ $subpartArray['###CHANGEPASSWORD_FORM###'] = '';
+ $markerArray['###BACKLINK_LOGIN###'] = $this->getPageLink(
+ htmlspecialchars($this->pi_getLL('ll_forgot_header_backToLogin')),
+ [$this->prefixId . '[redirectReferrer]' => 'off']
+ );
+ }
 }
 }
 if (!$done) {
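Review bot: The rejection path added by `if ($hookPasswordValid)` is silent. When a hook vetoes the password, nothing in this hunk sets `###STATUS_MESSAGE###`, so the form appears to be shown again (`$done` stays false) with no explanation for the user and no record that a policy rejection happened. Add an `else` branch that sets a localized "password rejected" status text, and consider logging the rejection. The gate also relies on loose truthiness of a value that hooks can rewrite or remove; reading it as `$hookPasswordValid = ($_params['passwordValid'] ?? false) === true;` would fail closed when a hook drops or mistypes the key. The enclosing method starts and ends outside the hunk, so code after `if (!$done) {` may already cover part of this.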