From c73bf29f377ebfe07929ef836d1f182e44e1f856 Mon Sep 17 00:00:00 2001
From: HB9HIL
Date: Mon, 22 Jul 2024 22:47:15 +0200
Subject: [PATCH] handle special chars in passwords
---
 application/models/User_model.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/application/models/User_model.php b/application/models/User_model.php
index 4c1f0209b..4e3f0af46 100644
--- a/application/models/User_model.php
+++ b/application/models/User_model.php
@@ -306,7 +306,8 @@ class User_Model extends CI_Model {
 if($fields['user_password'] != NULL) {
 if ($fields['user_password'] !== $pwd_placeholder) {
- $data['user_password'] = $this->_hash($fields['user_password']);
+ $decoded_password = htmlspecialchars_decode($fields['user_password']);
+ $data['user_password'] = $this->_hash($decoded_password);
 if($data['user_password'] == EPASSWORDINVALID) {
 return EPASSWORDINVALID;
 }
@@ -386,7 +387,7 @@ class User_Model extends CI_Model {
 function login() {
 $username = $this->input->post('user_name', true);
- $password = $this->input->post('user_password', true);
+ $password = htmlspecialchars_decode($this->input->post('user_password', true));
 return $this->authenticate($username, $password);
 }
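Review bot: Decoding the password with `htmlspecialchars_decode()` in `login()`, and before `_hash()` in the first hunk, works around the XSS filter requested by `post('user_password', true)` instead of removing it, so the string that gets hashed is still a transformed copy of what the user typed. A password is hashed and never rendered, so it should be read unfiltered, `$password = $this->input->post('user_password');`, and `$fields['user_password']` should reach `_hash()` the same way; where that field is populated is outside the first hunk. As written, the decode can map distinct inputs such as `a&amp;b` and `a&b` to the same password, its default flags changed in PHP 8.1 (single quotes are decoded only from then on), and a missing form field passes `null` into it. Hashes stored before this change were presumably computed over the undecoded string, so accounts with special characters may need a reset, and the user-creation path, which this patch does not show, has to follow the same rule.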