From 5827db0ea327827657620b5b668b0741ca0e77bf Mon Sep 17 00:00:00 2001
From: Tobias Diekershoff
Date: Sun, 14 Apr 2013 17:22:42 +0200
Subject: [PATCH] check current password before changing the password
---
 mod/settings.php | 13 +++++++++++--
 view/settings.tpl | 2 ++
 view/smarty3/settings.tpl | 2 ++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/mod/settings.php b/mod/settings.php
index 38bfedbb1..56526b7e7 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -300,7 +300,8 @@ function settings_post(&$a) {
 if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
 $newpass = $_POST['npassword'];
- $confirm = $_POST['confirm'];
+ $confirm = $_POST['confirm'];
+ $oldpass = hash('whirlpool', $_POST['opassword']);
 $err = false;
 if($newpass != $confirm ) {
@@ -311,7 +312,13 @@ function settings_post(&$a) {
 if((! x($newpass)) || (! x($confirm))) {
 notice( t('Empty passwords are not allowed. Password unchanged.') . EOL);
 $err = true;
- }
+ }
+
+ $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
+ if( $oldpass != $r[0]['password'] ) {
+ notice( t('Wrong password.') . EOL);
+ $err = true;
+ }
 if(! $err) {
 $password = hash('whirlpool',$newpass);
@@ -1045,6 +1052,8 @@ function settings_content(&$a) {
 '$h_pass' => t('Password Settings'),
 '$password1'=> array('npassword', t('New Password:'), '', ''),
 '$password2'=> array('confirm', t('Confirm:'), '', t('Leave password fields blank unless changing')),
+ '$password3'=> array('opassword', t('Current Password:'), '', t('Your current password to confirm the changes')),
+ '$password4'=> array('password', t('Password:'), '', t('Your current password to confirm the changes')),
 '$oid_enable' => (! get_config('system','no_openid')),
 '$openid' => $openid_field,
diff --git a/view/settings.tpl b/view/settings.tpl
index bebd0c12a..569ebcf10 100644
--- a/view/settings.tpl
+++ b/view/settings.tpl
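Review bot: `$_POST['opassword']` is read and hashed without the `x()` presence check that the neighbouring `npassword`/`confirm` reads get, so a submission with the field missing hashes an undefined index (with a PHP notice) instead of being rejected explicitly. Guarding it keeps the comparison in the next hunk failing closed on an absent or empty input: `$oldpass = (x($_POST,'opassword') ? hash('whirlpool', $_POST['opassword']) : '');`. settings_post continues outside this hunk.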
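Review bot: `$oldpass != $r[0]['password']` compares two hex digests with PHP's loose `!=`, which switches to numeric comparison when both strings look numeric, so two different digests can compare equal; a credential check must use `!==` (or `hash_equals()` on runtimes that provide it). The row is also indexed without checking that `q()` returned one, so a missing row only fails closed by accident of how `null` compares. Suggested: `if((! $r) || ($oldpass !== $r[0]['password'])) {`. The missing space in `` FROM `user`WHERE `` appears to parse only because the identifier is backtick-quoted and is worth fixing on the same line.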
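Review bot: `$password4` introduces a second field named `password` whose value nothing in this patch reads in settings_post; its help text is a copy of `$password3`'s, and the template hunks in view/settings.tpl and view/smarty3/settings.tpl place it after the email field, so it looks like an unfinished confirmation for the basic-settings block rather than a working check. Either wire it to a verification in settings_post or drop it until that exists; a field named `password` may also be a browser-autofill target, so an unused one can end up carrying the user's stored password in every settings submission. If the value is consumed by code outside these hunks, disregard.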
@@ -9,6 +9,7 @@ $nickname_block
 {{inc field_password.tpl with $field=$password1 }}{{endinc}}
 {{inc field_password.tpl with $field=$password2 }}{{endinc}}
+{{inc field_password.tpl with $field=$password3 }}{{endinc}}
 {{ if $oid_enable }}
 {{inc field_input.tpl with $field=$openid }}{{endinc}}
@@ -23,6 +24,7 @@ $nickname_block
 {{inc field_input.tpl with $field=$username }}{{endinc}}
 {{inc field_input.tpl with $field=$email }}{{endinc}}
+{{inc field_password.tpl with $field=$password4 }}{{endinc}}
 {{inc field_custom.tpl with $field=$timezone }}{{endinc}}
 {{inc field_input.tpl with $field=$defloc }}{{endinc}}
 {{inc field_checkbox.tpl with $field=$allowloc }}{{endinc}}
diff --git a/view/smarty3/settings.tpl b/view/smarty3/settings.tpl
index b79b26b79..2ab4bd466 100644
--- a/view/smarty3/settings.tpl
+++ b/view/smarty3/settings.tpl
@@ -14,6 +14,7 @@
 {{include file="field_password.tpl" field=$password1}}
 {{include file="field_password.tpl" field=$password2}}
+{{include file="field_password.tpl" field=$password3}}
 {{if $oid_enable}}
 {{include file="field_input.tpl" field=$openid}}
@@ -28,6 +29,7 @@
 {{include file="field_input.tpl" field=$username}}
 {{include file="field_input.tpl" field=$email}}
+{{include file="field_password.tpl" field=$password4}}
 {{include file="field_custom.tpl" field=$timezone}}
 {{include file="field_input.tpl" field=$defloc}}
 {{include file="field_checkbox.tpl" field=$allowloc}}