X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fchange_current_user_password.php;h=bb7c9cb0736be78c9dbc2f3de0c19d289657de54;hb=5bc87f4965ed7601c1580512b41f78762389f3c3;hp=e8005ae303bd4db47be7ba6e0c97dbcc2b950997;hpb=4d4371fb200bb27fd6b680ebd2d1aaa450a0be7e;p=fa-stable.git

diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php
index e8005ae3..bb7c9cb0 100644
--- a/admin/change_current_user_password.php
+++ b/admin/change_current_user_password.php
@@ -9,20 +9,17 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security=1;
+$page_security = 'SA_CHGPASSWD';
 $path_to_root="..";
 include_once($path_to_root . "/includes/session.inc");
 
-page(_("Change password"));
+page(_($help_context = "Change password"));
 
 include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/ui.inc");
 
 include_once($path_to_root . "/admin/db/users_db.inc");
 
-$selected_id = $_SESSION["wa_current_user"]->username;
-
-
 function can_process()
 {
 
@@ -33,7 +30,7 @@ function can_process()
    		return false;
    	}
 
-   	if (strstr($_POST['password'], $_POST['user_id']) != false)
+   	if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false)
    	{
    		display_error( _("The password cannot contain the user login."));
 		set_focus('password');
@@ -58,7 +55,9 @@ if (isset($_POST['UPDATE_ITEM']))
 		if ($allow_demo_mode) {
 		    display_warning(_("Password cannot be changed in demo mode."));
 		} else {
-			update_user_password($_POST['user_id'], md5($_POST['password']));
+			update_user_password($_SESSION["wa_current_user"]->user, 
+				$_SESSION["wa_current_user"]->username,
+				md5($_POST['password']));
 		    display_notification(_("Your password has been updated."));
 		}
 		$Ajax->activate('_page_body');
@@ -69,13 +68,9 @@ start_form();
 
 start_table($table_style);
 
-$myrow = get_user($selected_id);
-
-$_POST['user_id'] = $myrow["user_id"];
-hidden('selected_id', $selected_id);
-hidden('user_id', $_POST['user_id']);
+$myrow = get_user($_SESSION["wa_current_user"]->user);
 
-label_row(_("User login:"), $_POST['user_id']);
+label_row(_("User login:"), $myrow['user_id']);
 
 $_POST['password'] = "";
 $_POST['passwordConfirm'] = "";