Tobias Diekershoff 2013-04-14 18:19:01 +02:00
parent 4dd406055c
commit b6d1a1f125


@ -300,8 +300,8 @@ function settings_post(&$a) {
if((x($_POST,'npassword')) || (x($_POST,'confirm'))) { if((x($_POST,'npassword')) || (x($_POST,'confirm'))) {
$newpass = $_POST['npassword']; $newpass = $_POST['npassword'];
$confirm = $_POST['confirm']; $confirm = $_POST['confirm'];
$oldpass = hash('whirlpool', $_POST['opassword']); $oldpass = hash('whirlpool', $_POST['opassword']);
$err = false; $err = false;
if($newpass != $confirm ) { if($newpass != $confirm ) {
@ -312,15 +312,15 @@ function settings_post(&$a) {
if((! x($newpass)) || (! x($confirm))) { if((! x($newpass)) || (! x($confirm))) {
notice( t('Empty passwords are not allowed. Password unchanged.') . EOL); notice( t('Empty passwords are not allowed. Password unchanged.') . EOL);
$err = true; $err = true;
} }
// check if the old password was supplied correctly before // check if the old password was supplied correctly before
// changing it to the new value // changing it to the new value
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
if( $oldpass != $r[0]['password'] ) { if( $oldpass != $r[0]['password'] ) {
notice( t('Wrong password.') . EOL); notice( t('Wrong password.') . EOL);
$err = true; $err = true;
} }
if(! $err) { if(! $err) {
$password = hash('whirlpool',$newpass); $password = hash('whirlpool',$newpass);
@ -403,17 +403,17 @@ function settings_post(&$a) {
if($email != $a->user['email']) { if($email != $a->user['email']) {
$email_changed = true; $email_changed = true;
// check for the correct password // check for the correct password
$r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user()));
$password = hash('whirlpool', $_POST['password']); $password = hash('whirlpool', $_POST['password']);
if ($password != $r[0]['password']) { if ($password != $r[0]['password']) {
$err .= t('Wrong Password') . EOL; $err .= t('Wrong Password') . EOL;
$email = $a->user['email']; $email = $a->user['email'];
} }
// check the email is valid // check the email is valid
if(! valid_email($email)) if(! valid_email($email))
$err .= t(' Not valid email.'); $err .= t(' Not valid email.');
// ensure new email is not the admin mail // ensure new email is not the admin mail
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) { if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
$err .= t(' Cannot change to that email.'); $err .= t(' Cannot change to that email.');
$email = $a->user['email']; $email = $a->user['email'];