When a Forum User maintains data in his profile and does not fill the two password fields, the password is set to NULL in the database. This leads to outlock this user from the forum.

This is especially annoying because lost Password Form is also not working!

The user does receive the email reset password, but after clicking it, he is asked to login, which requires to input the password, but this password has been lost or resetted by the malicious profile settings form!

Any help would be appreciated.

Using: silverstripe-2.4.0 with forum-0.3-r106922

Hmm I am unable to reproduce the issue (of setting the password to null). Heres what I tried -

* Registering a user with password 'test' - this was added to the db
* Editing the users profile (with not setting anything in the password field)
* Editing the users profile in the cms (with not setting anything in the password).

Looking at the code also has empty() checks to ensure that passwords could not be set to nothing. Saying that I think this area needs some unit tests to ensure I'm not missing something or an edge case. It is the edit profile form on the front end which is setting the password to null correct?

hi, this also happened to me..

I think it's because the 2.4 version, when u do this $member = DataObject::get_by_id('Member', $data['ID']); , it return NULL on the password data, if i print out the dataobject, there are two password displayed, one is null, the other is the current password, the problem is, it get the first one so on $form->dataFieldByName("Password")->setValue($member->Password);, it set a null value.

the PasswordEncryption also set to null..

Anyone has idea on this?