X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fpasswordsettings.php;h=024f1287f2405cf9c1d98f0ca3af5ae51cbf2889;hb=da372c4d883eb93bcc90d37dac25bbf6273872a8;hp=cd4beac3f2120a9c83a81f4ddc8a4e98c8573777;hpb=fe1ae3a47edb09e3fd144589f095bfc40637ca2a;p=quix0rs-gnu-social.git

diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php
index cd4beac3f2..024f1287f2 100644
--- a/actions/passwordsettings.php
+++ b/actions/passwordsettings.php
@@ -58,6 +58,19 @@ class PasswordsettingsAction extends AccountSettingsAction
         return _('Change password');
     }
 
+    function prepare($args){
+        parent::prepare($args);
+
+        $user = common_current_user();
+
+        Event::handle('CanUserChangeField', array($user->nickname, 'password'));
+
+        if(! $fields['password']){
+            //user is not allowed to change his password
+            $this->clientError(_('You are not allowed to change your password'));
+        }
+    }
+
     /**
      * Instructions for use
      *
@@ -86,6 +99,7 @@ class PasswordsettingsAction extends AccountSettingsAction
     function showContent()
     {
         $user = common_current_user();
+
         $this->elementStart('form', array('method' => 'POST',
                                           'id' => 'form_password',
                                           'class' => 'form_settings',
@@ -164,23 +178,32 @@ class PasswordsettingsAction extends AccountSettingsAction
                 $this->showForm(_('Incorrect old password'));
                 return;
             }
+        }else{
+            $oldpassword = null;
         }
 
-        $original = clone($user);
+        $errormsg = false;
+        if(! Event::handle('ChangePassword', array($user->nickname, $oldpassword, $newpassword, &$errormsg))){
+            //no handler changed the password, so change the password internally
+            $original = clone($user);
 
-        $user->password = common_munge_password($newpassword, $user->id);
+            $user->password = common_munge_password($newpassword, $user->id);
 
-        $val = $user->validate();
-        if ($val !== true) {
-            $this->showForm(_('Error saving user; invalid.'));
-            return;
-        }
+            $val = $user->validate();
+            if ($val !== true) {
+                $this->showForm(_('Error saving user; invalid.'));
+                return;
+            }
 
-        if (!$user->update($original)) {
-            $this->serverError(_('Can\'t save new password.'));
-            return;
+            if (!$user->update($original)) {
+                $this->serverError(_('Can\'t save new password.'));
+                return;
+            }
         }
 
-        $this->showForm(_('Password saved.'), true);
+        if($errormsg === false)
+            $this->showForm(_('Password saved.'), true);
+        else
+            $this->showForm($errormsg);
     }
 }