$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$password = $_POST["password"];
+$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
// Check if we are a user
-if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$password)))) {
+if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" )));
exit();
}