From 682da1fabe42f86ef5ecd56ecde185c48e6d67c0 Mon Sep 17 00:00:00 2001
From: Quentin VIAL-GOUTEYRON <quentin.vial-gouteyron@atm-consulting.fr>
Date: Wed, 1 Jun 2022 11:33:15 +0200
Subject: [PATCH] FIX if password doesnt match rule it created a user without
 password

---
 htdocs/user/card.php | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 821d6748eb6..cc32cba558c 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -333,18 +333,26 @@ if (empty($reshook)) {
 
 			$id = $object->create($user);
 			if ($id > 0) {
+				$resPass = '';
 				if (GETPOST('password', 'none')) {
-					$object->setPassword($user, GETPOST('password', 'none'));
+					$resPass = $object->setPassword($user, GETPOST('password', 'none'));
 				}
-				if (!empty($conf->categorie->enabled)) {
-					// Categories association
-					$usercats = GETPOST('usercats', 'array');
-					$object->setCategories($usercats);
-				}
-				$db->commit();
+				if($resPass < 0) {
+					$langs->load("errors");
+					$db->rollback();
+					setEventMessages($object->error, $object->errors, 'errors');
+					$action = "create"; // Go back to create page
+				} else {
+					if(! empty($conf->categorie->enabled)) {
+						// Categories association
+						$usercats = GETPOST('usercats', 'array');
+						$object->setCategories($usercats);
+					}
+					$db->commit();
 
-				header("Location: ".$_SERVER['PHP_SELF'].'?id='.$id);
-				exit;
+					header("Location: ".$_SERVER['PHP_SELF'].'?id='.$id);
+					exit;
+				}
 			} else {
 				$langs->load("errors");
 				$db->rollback();