From af8ebced6380ce039d08d104d61f16bc73384cb3 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Wed, 21 Apr 2004 19:14:18 +0000
Subject: [PATCH] Cookie and password change  undefined offset in blowfish.php

---
 ChangeLog         |  1 +
 user_password.php | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index b4d6fdbdb..896968967 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@ $Source$
 
 2004-04-21 Marc Delisle  <lem9@users.sourceforge.net>
     ### 2.6.0-alpha1 released
+    * (after the release) user_password.php: undefined offset in blowfish.php
 
 2004-04-20 Alexander M. Turek  <me@derrabus.de>
     * Documentation.html, README:
diff --git a/user_password.php b/user_password.php
index 56b1a4202..429b86eb3 100644
--- a/user_password.php
+++ b/user_password.php
@@ -53,8 +53,16 @@ if (isset($nopass)) {
         $result           = @PMA_DBI_try_query($local_query) or PMA_mysqlDie(PMA_DBI_getError(), $sql_query, FALSE, $err_url);
 
         // Changes password cookie if required
+        // Duration = till the browser is closed for password (we don't want this to be saved)
         if ($cfg['Server']['auth_type'] == 'cookie') {
-            setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['blowfish_secret'])), 0, $cookie_path, '', $is_https);
+
+            setcookie('pma_cookie_password',
+               PMA_blowfish_encrypt($pma_pw,
+               $GLOBALS['cfg']['blowfish_secret'] . $GLOBALS['current_time']),
+               0,
+               $GLOBALS['cookie_path'], '',
+               $GLOBALS['is_https']);
+
         } // end if
         // For http auth. mode, the "back" link will also enforce new
         // authentication