When hiding the password field for non-admins (password is a useless information on the forum when using SSO...) ... the code fails to allow email address modifications, as the current password never will match the u.getPassword() ... I guess.
At least currently the email address never is being updated ... when not being admin. I'll just change it so it will set the email like any other field too...
if (isAdmin || u.getPassword().equals(currentPassword)) {
u.setEmail(SafeHtml.makeSafe(request.getParameter("email")));
String newPassword = request.getParameter("new_password");
if (newPassword != null && newPassword.length() > 0) {
u.setPassword(MD5.crypt(newPassword));
}
}
[originally posted on jforum.net by Sid]