-rw-r--r--actions/user/password.php14
-rw-r--r--languages/en.php2
-rw-r--r--views/default/user/settings/password.php26
3 files changed, 37 insertions, 5 deletions
diff --git a/actions/user/password.php b/actions/user/password.php
index ceb9d4585..32b27bf74 100644
--- a/actions/user/password.php
+++ b/actions/user/password.php
@@ -8,6 +8,7 @@
gatekeeper();
+$current_password = get_input('current_password');
$password = get_input('password');
$password2 = get_input('password2');
$user_id = get_input('guid');
@@ -19,6 +20,19 @@ if (!$user_id) {
}
if (($user) && ($password != "")) {
+ // let admin user change anyone's password without knowing it except his own.
+ if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) {
+ $credentials = array(
+ 'username' => $user->username,
+ 'password' => $current_password
+ );
+
+ if (!pam_auth_userpass($credentials)) {
+ register_error(elgg_echo('user:password:fail:incorrect_current_password'));
+ forward(REFERER);
+ }
+ }
+
if (strlen($password) >= 4) {
if ($password == $password2) {
$user->salt = generate_random_cleartext_password(); // Reset the salt
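Review bot: The added check authenticates `$current_password` against `$user->username`, which is whichever account `guid` resolved to, and nothing in this hunk confirms that a non-admin caller is acting on their own account. `$user` is assigned above the hunk, so this may already be enforced there; if it is not, the distinct `incorrect_current_password` error would confirm or reject a password for an account other than the caller's. Guarding the block first with `if (!$user->canEdit()) { register_error(elgg_echo('user:password:fail')); forward(REFERER); }` closes that. It is also worth confirming that failures from `pam_auth_userpass()` on this path count toward the same throttling as failed logins, and that `forward()` ends the request so the password update below cannot run after a failed check. The enclosing `if (($user) && ($password != ""))` block continues past the hunk.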
diff --git a/languages/en.php b/languages/en.php
index 3d166789e..2a4cd7e1f 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -401,12 +401,14 @@ $english = array(
'user:name:fail' => "Could not change your name on the system. Please make sure your name isn't too long and try again.",
'user:set:password' => "Account password",
+ 'user:current_password:label' => 'Current password',
'user:password:label' => "Your new password",
'user:password2:label' => "Your new password again",
'user:password:success' => "Password changed",
'user:password:fail' => "Could not change your password on the system.",
'user:password:fail:notsame' => "The two passwords are not the same!",
'user:password:fail:tooshort' => "Password is too short!",
+ 'user:password:fail:incorrect_current_password' => 'The current password entered is incorrect.',
'user:resetpassword:unknown_user' => 'Invalid user.',
'user:resetpassword:reset_password_confirm' => 'Resetting your password will email a new password to your registered email address.',
diff --git a/views/default/user/settings/password.php b/views/default/user/settings/password.php
index ea7be401d..416e4dcef 100644
--- a/views/default/user/settings/password.php
+++ b/views/default/user/settings/password.php
@@ -12,15 +12,31 @@ if ($user) {
?>
<div class="user_settings password">
<h3><?php echo elgg_echo('user:set:password'); ?></h3>
-<p>
+
+ <?php
+ // only make the admin user enter current password for changing his own password.
+ if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) {
+ ?>
+ <p>
+ <?php echo elgg_echo('user:current_password:label'); ?>:
+ <?php
+ echo elgg_view('input/password', array('internalname' => 'current_password'));
+ ?>
+ </p>
+ <?php } ?>
+
+ <p>
<?php echo elgg_echo('user:password:label'); ?>:
<?php
- echo elgg_view('input/password',array('internalname' => 'password'));
- ?></p><p>
+ echo elgg_view('input/password', array('internalname' => 'password'));
+ ?>
+ </p>
+
+ <p>
<?php echo elgg_echo('user:password2:label'); ?>: <?php
- echo elgg_view('input/password',array('internalname' => 'password2'));
+ echo elgg_view('input/password', array('internalname' => 'password2'));
?>
-</p>
+ </p>
</div>
<?php
} \ No newline at end of file
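Review bot: The condition on the `if` that wraps the current-password field repeats `isadminloggedin()` and relies on `&&` binding tighter than `||`; it reduces to `if (!isadminloggedin() || $user->guid == get_loggedin_userid()) {`. The same expression is copied in actions/user/password.php, so the form and the action can drift apart, and a small shared helper would keep them aligned. Because this view only hides the field, the action remains the place where the rule is enforced; the comment above the `if` could say so, for example `// UI only: actions/user/password.php enforces the current-password check`.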