check current password before changing the password

diff --git a/mod/settings.php b/mod/settings.php
index 38bfedbb1ce1916d45f9d3f5c07f54961a7ef07d..56526b7e796a751a994205bfe9c0404009d51d22 100644 (file)
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -300,7 +300,8 @@ function settings_post(&$a) {
        if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
 
                $newpass = $_POST['npassword'];
-               $confirm = $_POST['confirm'];
+                $confirm = $_POST['confirm'];
+                $oldpass = hash('whirlpool', $_POST['opassword']);
 
                $err = false;
                if($newpass != $confirm ) {
@@ -311,7 +312,13 @@ function settings_post(&$a) {
                if((! x($newpass)) || (! x($confirm))) {
                        notice( t('Empty passwords are not allowed. Password unchanged.') . EOL);
                        $err = true;
-               }
+                }
+
+                $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
+                if( $oldpass != $r[0]['password'] ) {
+                    notice( t('Wrong password.') . EOL);
+                    $err = true;
+                }
 
                if(! $err) {
                        $password = hash('whirlpool',$newpass);
@@ -1045,6 +1052,8 @@ function settings_content(&$a) {
                '$h_pass'       => t('Password Settings'),
                '$password1'=> array('npassword', t('New Password:'), '', ''),
                '$password2'=> array('confirm', t('Confirm:'), '', t('Leave password fields blank unless changing')),
+               '$password3'=> array('opassword', t('Current Password:'), '', t('Your current password to confirm the changes')),
+               '$password4'=> array('password', t('Password:'), '', t('Your current password to confirm the changes')),
                '$oid_enable' => (! get_config('system','no_openid')),
                '$openid'       => $openid_field,
                

diff --git a/view/settings.tpl b/view/settings.tpl
index bebd0c12a85df299645ec07f007a6d0cbb5cd86f..569ebcf101bc2b245f3938a7e0adfde784bbedbe 100644 (file)
--- a/view/settings.tpl
+++ b/view/settings.tpl
@@ -9,6 +9,7 @@ $nickname_block
 
 {{inc field_password.tpl with $field=$password1 }}{{endinc}}
 {{inc field_password.tpl with $field=$password2 }}{{endinc}}
+{{inc field_password.tpl with $field=$password3 }}{{endinc}}
 
 {{ if $oid_enable }}
 {{inc field_input.tpl with $field=$openid }}{{endinc}}
@@ -23,6 +24,7 @@ $nickname_block
 
 {{inc field_input.tpl with $field=$username }}{{endinc}}
 {{inc field_input.tpl with $field=$email }}{{endinc}}
+{{inc field_password.tpl with $field=$password4 }}{{endinc}}
 {{inc field_custom.tpl with $field=$timezone }}{{endinc}}
 {{inc field_input.tpl with $field=$defloc }}{{endinc}}
 {{inc field_checkbox.tpl with $field=$allowloc }}{{endinc}}

diff --git a/view/smarty3/settings.tpl b/view/smarty3/settings.tpl
index b79b26b795557c88598c178b85d0be546a8fba5e..2ab4bd466ca9f46d7eca1beb37b6bc825bbf4c0f 100644 (file)
--- a/view/smarty3/settings.tpl
+++ b/view/smarty3/settings.tpl
@@ -14,6 +14,7 @@
 
 {{include file="field_password.tpl" field=$password1}}
 {{include file="field_password.tpl" field=$password2}}
+{{include file="field_password.tpl" field=$password3}}
 
 {{if $oid_enable}}
 {{include file="field_input.tpl" field=$openid}}
@@ -28,6 +29,7 @@
 
 {{include file="field_input.tpl" field=$username}}
 {{include file="field_input.tpl" field=$email}}
+{{include file="field_password.tpl" field=$password4}}
 {{include file="field_custom.tpl" field=$timezone}}
 {{include file="field_input.tpl" field=$defloc}}
 {{include file="field_checkbox.tpl" field=$allowloc}}