actually check the correct password when changing the password
This commit is contained in:
parent
09092dd2d2
commit
c16a9a83ba
|
@ -8,9 +8,10 @@ header( "Content-Type: application/jsonrequest" );
|
|||
|
||||
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
|
||||
$password = $_POST["password"];
|
||||
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
|
||||
|
||||
// Check if we are a user
|
||||
if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$password)))) {
|
||||
if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
|
||||
echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" )));
|
||||
exit();
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue