hash based on user id rather than name - refs BT#16297

plugin/userremoteservice/Entity/UserRemoteService.php

@@ -99,18 +99,19 @@ class UserRemoteService
 
     /**
      * Returns a user-specific URL, with two extra query string parameters : 'username' and 'hash'.
-     * 'hash' is the return value of function call crypt($username, $salt).
+     * 'hash' is the return value of function call crypt($userId, $salt).
      *
      * @param string $username the URL query parameter 'username'
+     * @param string $userId   the user identifier, to be passed to crypt() to generate the 'hash' query parameter
      * @param string $salt     the salt to be passed to crypt() in order to generate the 'hash' query parameter
      *
      * @throws Exception on crypt() failure
      *
      * @return string the custom user URL
      */
-    public function getCustomUserURL($username, $salt)
+    public function getCustomUserURL($username, $userId, $salt)
     {
-        $hash = crypt($username, $salt);
+        $hash = crypt($userId, $salt);
         if (is_null($hash)) {
             throw new Exception('crypt() failed');
         }

plugin/userremoteservice/src/user_remote_service_plugin.class.php

@@ -268,6 +268,7 @@ OEQ,
      */
     public function getIFrame()
     {
+        $userInfo = api_get_user_info();
         return sprintf(
             <<<HTML
 <div class="embed-responsive embed-responsive-16by9">
@@ -276,7 +277,7 @@ OEQ,
 HTML,
             $this->getService(
                 $this->getActiveServiceId()
-            )->getCustomUserURL(api_get_user_info()['username'], $this->salt())
+            )->getCustomUserURL($userInfo['username'], $userInfo['id'], $this->salt())
         );
     }
 }