Set password = null when registering via a 3rdParty provider

diff --git a/wcfsetup/install/files/lib/form/RegisterForm.class.php b/wcfsetup/install/files/lib/form/RegisterForm.class.php
index 11d0454b074dd0b35a03f7e798a3b62a3bdf7ec9..3c239f6199e811cd5358112f9118c062fe445ff7 100644 (file)
--- a/wcfsetup/install/files/lib/form/RegisterForm.class.php
+++ b/wcfsetup/install/files/lib/form/RegisterForm.class.php
@@ -435,8 +435,8 @@ class RegisterForm extends UserAddForm {
                                break;
                        }
                        
-                       // create fake password
-                       $this->password = Hex::encode(\random_bytes(20));
+                       // Accounts connected to a 3rdParty login do not have passwords.
+                       $this->password = null;
                }
 
                $eventParameters = [