check for old password when changing passwords

author: Robin Appelman <icewind1991@gmail.com> 2011-09-25 01:01:39 +0200
committer: Robin Appelman <icewind1991@gmail.com> 2011-09-25 01:02:22 +0200
commit: 09092dd2d261d8fc31f424241f3cf87f0bb9bf88 (patch)
tree: 5b843845b96cf2acac8bea7dfddfa5b81808d213 /settings/ajax
parent: ae4c83af916056b566e143b6fcebc80239a5b3e5 (diff)
download: nextcloud-server-09092dd2d261d8fc31f424241f3cf87f0bb9bf88.tar.gz
nextcloud-server-09092dd2d261d8fc31f424241f3cf87f0bb9bf88.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index c5cdbcef056..2a8e428fde4 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -10,7 +10,7 @@ $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
 $password = $_POST["password"];
 
 // Check if we are a user
-if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' )&& $username!=OC_User::getUser())) {
+if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$password)))) {
 	echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" )));
 	exit();
 }
author	Robin Appelman <icewind1991@gmail.com>	2011-09-25 01:01:39 +0200
committer	Robin Appelman <icewind1991@gmail.com>	2011-09-25 01:02:22 +0200
commit	09092dd2d261d8fc31f424241f3cf87f0bb9bf88 (patch)
tree	5b843845b96cf2acac8bea7dfddfa5b81808d213 /settings/ajax
parent	ae4c83af916056b566e143b6fcebc80239a5b3e5 (diff)
download	nextcloud-server-09092dd2d261d8fc31f424241f3cf87f0bb9bf88.tar.gz nextcloud-server-09092dd2d261d8fc31f424241f3cf87f0bb9bf88.zip