Commit c16a9a83 authored by Robin Appelman's avatar Robin Appelman

actually check the correct password when changing the password

parent 09092dd2
...@@ -8,9 +8,10 @@ header( "Content-Type: application/jsonrequest" ); ...@@ -8,9 +8,10 @@ header( "Content-Type: application/jsonrequest" );
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$password = $_POST["password"]; $password = $_POST["password"];
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
// Check if we are a user // Check if we are a user
if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$password)))) { if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" )));
exit(); exit();
} }
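Review bot: The rewritten condition still skips `OC_User::checkPassword()` whenever the caller is in the `admin` group, so an admin changing their own password is never asked for the current one, and an unattended or borrowed admin session is enough to replace it. Consider requiring the old password whenever `$username` is the caller's own account and keeping the group bypass only for other accounts, e.g. `$isSelf = $username === OC_User::getUser();` followed by `if( !OC_User::isLoggedIn() || ($isSelf ? !OC_User::checkPassword($username,$oldPassword) : !OC_Group::inGroup( OC_User::getUser(), 'admin' ))) {`. The same line compares user names with loose `!=`; `!==` avoids type juggling on the POSTed value. No request-token (CSRF) check is visible in the hunk, and the script continues outside it, so that may be handled elsewhere and is worth confirming.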