I noticed that I could not change password using the

/modules/profile/changepass.php

script in my new XOOPS 2.2.1

I'm certainly no expert in xoops, but I noticed by snooping around that the changepass.php script is passing the 'uname' value right on down to the 'loginUser' function. Though the arguments on all the function calls use 'uname', a quick look inside the 'loginUser' function shows that it is compared against the 'loginname' value in the database.

Fix is a simple swap in the changepass.php file:

OLD not working:

$stop = checkPassword($xoopsUser->getVar('uname'), $_POST['oldpass'], $_POST['newpass'], $_POST['vpass']);

NEW working:

$stop = checkPassword($xoopsUser->getVar('loginname'), $_POST['oldpass'], $_POST['newpass'], $_POST['vpass']);

Thanks.

For future reference, please report core bugs here

Thanks for prompt reply.

The page you sent me to instructs to report only "system" module bugs as "core". Seems to me that 2.2.X now should include the "profile" module as a "core" module, since the core system user functions are pulled from '/modules/profile'. Just a suggestion...

Am playing with and thoroughly astonished at the quality of the XOOPS 2.2.1. Thanks for hard work and I hope you accept comments/bugs as a sign that people are really exercising your code - sometimes hard!