From b2550b37af5a86dc036578cd43b0831f9c1afd54 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 10 Mar 2014 17:42:30 -0500
Subject: [PATCH] pwreset: Fixup password reset system

Turns out that the new authentication system incorrectly cancels the reset
tokens when it processes logins rather than after the user successfully
resets his/her password
---
 include/class.auth.php | 2 --
 scp/pwreset.php        | 3 +--
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/class.auth.php b/include/class.auth.php
index e7b299a98..660acf9ba 100644
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -322,8 +322,6 @@ abstract class StaffAuthenticationBackend  extends AuthenticationBackend {
 
         Signal::send('auth.login.succeeded', $staff);
 
-        $staff->cancelResetTokens();
-
         return true;
     }
 
diff --git a/scp/pwreset.php b/scp/pwreset.php
index 735765b05..b2826014c 100644
--- a/scp/pwreset.php
+++ b/scp/pwreset.php
@@ -53,8 +53,7 @@ if($_POST) {
             $errors = array();
             if ($staff = StaffAuthenticationBackend::processSignOn($errors)) {
                 $info = array('page' => 'index.php');
-                header('Location: '.$info['page']);
-                exit();
+                Http::redirect($info['page']);
             }
             elseif (isset($errors['msg'])) {
                 $msg = $errors['msg'];
-- 
GitLab