diff options
author | redmatrix <git@macgirvin.com> | 2016-02-19 13:18:51 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-02-19 13:18:51 -0800 |
commit | 8e586008dd8cceb02fc5378d11fce9673a0d5e41 (patch) | |
tree | eb95c14b5c136fbddf074517e47b9c712e4c272a | |
parent | 50c7c33ed199fad3b17b8beef544743e107e547f (diff) | |
download | volse-hubzilla-8e586008dd8cceb02fc5378d11fce9673a0d5e41.tar.gz volse-hubzilla-8e586008dd8cceb02fc5378d11fce9673a0d5e41.tar.bz2 volse-hubzilla-8e586008dd8cceb02fc5378d11fce9673a0d5e41.zip |
issue #287 require old password to change password
-rw-r--r-- | mod/settings.php | 68 | ||||
-rwxr-xr-x | view/tpl/settings_account.tpl | 1 |
2 files changed, 40 insertions, 29 deletions
diff --git a/mod/settings.php b/mod/settings.php index 467cccfc7..2f90b037f 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -225,10 +225,44 @@ function settings_post(&$a) { $errs = array(); + $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); + $account = $a->get_account(); + if($email != $account['account_email']) { + if(! valid_email($email)) + $errs[] = t('Not valid email.'); + $adm = trim(get_config('system','admin_email')); + if(($adm) && (strcasecmp($email,$adm) == 0)) { + $errs[] = t('Protected email address. Cannot change to that email.'); + $email = $a->user['email']; + } + if(! $errs) { + $r = q("update account set account_email = '%s' where account_id = %d", + dbesc($email), + intval($account['account_id']) + ); + if(! $r) + $errs[] = t('System failure storing new email. Please try again.'); + } + } + + if($errs) { + foreach($errs as $err) + notice($err . EOL); + $errs = array(); + } + + if((x($_POST,'npassword')) || (x($_POST,'confirm'))) { - $newpass = $_POST['npassword']; - $confirm = $_POST['confirm']; + $origpass = trim($_POST['origpass']); + + require_once('include/auth.php'); + if(! account_verify_password($email,$origpass)) { + $errs[] = t('Password verification failed.'); + } + + $newpass = trim($_POST['npassword']); + $confirm = trim($_POST['confirm']); if($newpass != $confirm ) { $errs[] = t('Passwords do not match. Password unchanged.'); @@ -255,31 +289,6 @@ function settings_post(&$a) { } } - if($errs) { - foreach($errs as $err) - notice($err . EOL); - $errs = array(); - } - - $email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : ''); - $account = $a->get_account(); - if($email != $account['account_email']) { - if(! valid_email($email)) - $errs[] = t('Not valid email.'); - $adm = trim(get_config('system','admin_email')); - if(($adm) && (strcasecmp($email,$adm) == 0)) { - $errs[] = t('Protected email address. Cannot change to that email.'); - $email = $a->user['email']; - } - if(! $errs) { - $r = q("update account set account_email = '%s' where account_id = %d", - dbesc($email), - intval($account['account_id']) - ); - if(! $r) - $errs[] = t('System failure storing new email. Please try again.'); - } - } if($errs) { foreach($errs as $err) @@ -695,8 +704,9 @@ function settings_content(&$a) { $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_account"), '$title' => t('Account Settings'), - '$password1'=> array('npassword', t('Enter New Password:'), '', ''), - '$password2'=> array('confirm', t('Confirm New Password:'), '', t('Leave password fields blank unless changing')), + '$origpass' => array('origpass', t('Current Password'), ' ',''), + '$password1'=> array('npassword', t('Enter New Password'), '', ''), + '$password2'=> array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')), '$submit' => t('Submit'), '$email' => array('email', t('Email Address:'), $email, ''), '$removeme' => t('Remove Account'), diff --git a/view/tpl/settings_account.tpl b/view/tpl/settings_account.tpl index 9f550fe4a..4a93e0610 100755 --- a/view/tpl/settings_account.tpl +++ b/view/tpl/settings_account.tpl @@ -8,6 +8,7 @@ <input type='hidden' name='form_security_token' value='{{$form_security_token}}'> <div class="section-content-tools-wrapper"> {{include file="field_input.tpl" field=$email}} + {{include file="field_password.tpl" field=$origpass}} {{include file="field_password.tpl" field=$password1}} {{include file="field_password.tpl" field=$password2}} <div class="settings-submit-wrapper" > |