aboutsummaryrefslogtreecommitdiff
path: root/actions/user/password.php
diff options
context:
space:
mode:
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-11-21 21:24:57 +0000
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>2010-11-21 21:24:57 +0000
commit953c20c3846e8ffd70392f12560cf39537c795b9 (patch)
tree59263e79b1f8daec8fa7492e2cf4cf3972b08395 /actions/user/password.php
parent18ed4a4d43498fdf4d6e87674e3adcfff0ea60a4 (diff)
downloadelgg-953c20c3846e8ffd70392f12560cf39537c795b9.tar.gz
elgg-953c20c3846e8ffd70392f12560cf39537c795b9.tar.bz2
Refs #2669: Merged password change fixes in 7404 to trunk.
git-svn-id: http://code.elgg.org/elgg/trunk@7405 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'actions/user/password.php')
-rw-r--r--actions/user/password.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/actions/user/password.php b/actions/user/password.php
index ceb9d4585..32b27bf74 100644
--- a/actions/user/password.php
+++ b/actions/user/password.php
@@ -8,6 +8,7 @@
gatekeeper();
+$current_password = get_input('current_password');
$password = get_input('password');
$password2 = get_input('password2');
$user_id = get_input('guid');
@@ -19,6 +20,19 @@ if (!$user_id) {
}
if (($user) && ($password != "")) {
+ // let admin user change anyone's password without knowing it except his own.
+ if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) {
+ $credentials = array(
+ 'username' => $user->username,
+ 'password' => $current_password
+ );
+
+ if (!pam_auth_userpass($credentials)) {
+ register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ forward(REFERER);
+ }
+ }
+
if (strlen($password) >= 4) {
if ($password == $password2) {
$user->salt = generate_random_cleartext_password(); // Reset the salt