diff options
Diffstat (limited to 'actions/user/password.php')
-rw-r--r-- | actions/user/password.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/actions/user/password.php b/actions/user/password.php index ceb9d4585..32b27bf74 100644 --- a/actions/user/password.php +++ b/actions/user/password.php @@ -8,6 +8,7 @@ gatekeeper(); +$current_password = get_input('current_password'); $password = get_input('password'); $password2 = get_input('password2'); $user_id = get_input('guid'); @@ -19,6 +20,19 @@ if (!$user_id) { } if (($user) && ($password != "")) { + // let admin user change anyone's password without knowing it except his own. + if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) { + $credentials = array( + 'username' => $user->username, + 'password' => $current_password + ); + + if (!pam_auth_userpass($credentials)) { + register_error(elgg_echo('user:password:fail:incorrect_current_password')); + forward(REFERER); + } + } + if (strlen($password) >= 4) { if ($password == $password2) { $user->salt = generate_random_cleartext_password(); // Reset the salt |