check password when changing users email
This commit is contained in:
parent
5827db0ea3
commit
4dd406055c
|
@ -314,6 +314,8 @@ function settings_post(&$a) {
|
||||||
$err = true;
|
$err = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// check if the old password was supplied correctly before
|
||||||
|
// changing it to the new value
|
||||||
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
||||||
if( $oldpass != $r[0]['password'] ) {
|
if( $oldpass != $r[0]['password'] ) {
|
||||||
notice( t('Wrong password.') . EOL);
|
notice( t('Wrong password.') . EOL);
|
||||||
|
@ -401,8 +403,17 @@ function settings_post(&$a) {
|
||||||
|
|
||||||
if($email != $a->user['email']) {
|
if($email != $a->user['email']) {
|
||||||
$email_changed = true;
|
$email_changed = true;
|
||||||
|
// check for the correct password
|
||||||
|
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
|
||||||
|
$password = hash('whirlpool', $_POST['password']);
|
||||||
|
if ($password != $r[0]['password']) {
|
||||||
|
$err .= t('Wrong Password') . EOL;
|
||||||
|
$email = $a->user['email'];
|
||||||
|
}
|
||||||
|
// check the email is valid
|
||||||
if(! valid_email($email))
|
if(! valid_email($email))
|
||||||
$err .= t(' Not valid email.');
|
$err .= t(' Not valid email.');
|
||||||
|
// ensure new email is not the admin mail
|
||||||
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
||||||
$err .= t(' Cannot change to that email.');
|
$err .= t(' Cannot change to that email.');
|
||||||
$email = $a->user['email'];
|
$email = $a->user['email'];
|
||||||
|
|
Loading…
Reference in New Issue
Block a user