Merge pull request #4001 from MrPetovan/bug/3999-fix-password-change

Fix password change
This commit is contained in:
Michael Vogel 2017-12-03 14:49:10 +01:00 committed by GitHub
commit ae1227c9ca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -348,7 +348,6 @@ function settings_post(App $a) {
} }
} }
$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d",
dbesc($theme), dbesc($theme),
intval(local_user()) intval(local_user())
@ -370,7 +369,6 @@ function settings_post(App $a) {
call_hooks('settings_post', $_POST); call_hooks('settings_post', $_POST);
if (x($_POST, 'password') || x($_POST, 'confirm')) { if (x($_POST, 'password') || x($_POST, 'confirm')) {
$newpass = $_POST['password']; $newpass = $_POST['password'];
$confirm = $_POST['confirm']; $confirm = $_POST['confirm'];
@ -385,9 +383,8 @@ function settings_post(App $a) {
$err = true; $err = true;
} }
// check if the old password was supplied correctly before // check if the old password was supplied correctly before changing it to the new value
// changing it to the new value if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
if (User::authenticate(intval(local_user()), $_POST['opassword'])) {
notice(t('Wrong password.') . EOL); notice(t('Wrong password.') . EOL);
$err = true; $err = true;
} }
@ -398,14 +395,14 @@ function settings_post(App $a) {
dbesc($password), dbesc($password),
intval(local_user()) intval(local_user())
); );
if ($r) if ($r) {
info(t('Password changed.') . EOL); info(t('Password changed.') . EOL);
else } else {
notice(t('Password update failed. Please try again.') . EOL); notice(t('Password update failed. Please try again.') . EOL);
}
} }
} }
$username = ((x($_POST, 'username')) ? notags(trim($_POST['username'])) : ''); $username = ((x($_POST, 'username')) ? notags(trim($_POST['username'])) : '');
$email = ((x($_POST, 'email')) ? notags(trim($_POST['email'])) : ''); $email = ((x($_POST, 'email')) ? notags(trim($_POST['email'])) : '');
$timezone = ((x($_POST, 'timezone')) ? notags(trim($_POST['timezone'])) : ''); $timezone = ((x($_POST, 'timezone')) ? notags(trim($_POST['timezone'])) : '');