Blank "password" column causes user creation to fail in http mode
Brought to you by:
thnilsen
When creating a new account on Brage-CM installations using HTTP authentication ($conf['authtype'] = 'http'), the password field is disabled in the form. This means browsers do not send the element's value via POST. However, because of faulty logic in the POST processing code, the field is never populated at all and this yields a syntactically invalid SQL query.
The faulty logic is:
if ( !empty($arr_post['password1']) ){ $arr_records['password'] = do_quote(md5($arr_post['password1'])); }
The attached patch will resolve the issue. I will upload a complete version of admin_user in a comment.
admin_user.php fixed version.