X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fchange_current_user_password.php;h=1b69e00ec5f7fdea54e09a49ad0be8494c9a83ec;hb=268a54dcfd08aff7113bc3afe8b784f36db2d0d4;hp=29112d0376f266ddcb38e38e0398777a0a159ec2;hpb=303eb17e9cdd9702eee9fdfcaee51e654a1da541;p=fa-stable.git

diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php
index 29112d03..1b69e00e 100644
--- a/admin/change_current_user_password.php
+++ b/admin/change_current_user_password.php
@@ -23,6 +23,18 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 function can_process()
 {
 
+	$Auth_Result = hook_authenticate($_SESSION["wa_current_user"]->username, $_POST['cur_password']);
+
+	if (!isset($Auth_Result))	// if not used external login: standard method
+		$Auth_Result = get_user_auth($_SESSION["wa_current_user"]->username, md5($_POST['cur_password']));
+
+	if (!$Auth_Result)
+   	{
+  		display_error( _("Invalid password entered."));
+		set_focus('cur_password');
+   		return false;
+   	}
+	
    	if (strlen($_POST['password']) < 4)
    	{
   		display_error( _("The password entered must be at least 4 characters long."));
@@ -47,12 +59,12 @@ function can_process()
 	return true;
 }
 
-if (isset($_POST['UPDATE_ITEM']))
+if (isset($_POST['UPDATE_ITEM']) && check_csrf_token())
 {
 
 	if (can_process())
 	{
-		if ($allow_demo_mode) {
+		if ($SysPrefs->allow_demo_mode) {
 		    display_warning(_("Password cannot be changed in demo mode."));
 		} else {
 			update_user_password($_SESSION["wa_current_user"]->user, 
@@ -66,17 +78,19 @@ if (isset($_POST['UPDATE_ITEM']))
 
 start_form();
 
-start_table($table_style);
+start_table(TABLESTYLE);
 
 $myrow = get_user($_SESSION["wa_current_user"]->user);
 
 label_row(_("User login:"), $myrow['user_id']);
 
+$_POST['cur_password'] = "";
 $_POST['password'] = "";
 $_POST['passwordConfirm'] = "";
 
-password_row(_("Password:"), 'password', $_POST['password']);
-password_row(_("Repeat password:"), 'passwordConfirm', $_POST['passwordConfirm']);
+password_row(_("Current Password:"), 'cur_password', $_POST['cur_password']);
+password_row(_("New Password:"), 'password', $_POST['password']);
+password_row(_("Repeat New Password:"), 'passwordConfirm', $_POST['passwordConfirm']);
 
 table_section_title(_("Enter your new password in the fields."));
 
@@ -85,4 +99,3 @@ end_table(1);
 submit_center( 'UPDATE_ITEM', _('Change password'), true, '',  'default');
 end_form();
 end_page();
-?>