Unverified Commit 725ba11e authored by gloriarodriguez's avatar gloriarodriguez Committed by GitHub
Browse files

Fix/1352 check current password (#1355)

fix(frontend): now the form check if the current password is ok

If a local user wants to change the password, the form doesn't check if
the password match with the current password.

fixes issue #1352 
parent 74ac4c5a
......@@ -1333,26 +1333,34 @@ sub user_settings {
$c->param('tongue' => $USER->language);
my @errors;
if ($c->param('button_click')) {
if (($c->param('password') eq "") || ($c->param('conf_password') eq "") || ($c->param('current_password') eq "")) {
push @errors,("Some of the password's fields are empty");
}
else {
if ($c->param('password') eq $c->param('conf_password')) {
eval {
$USER->change_password($c->param('password'));
_logged_in($c);
};
if ($@ =~ /Password too small/) {
push @errors,("Password too small")
}
else {
$changed_pass = 1;
}
}
else {
push @errors,("Password fields aren't equal")
}
}
my $auth_ok;
eval { $auth_ok = Ravada::Auth::login($USER->name, $c->param('current_password'))};
if (!$auth_ok || $@) {
push @errors, ("Current password is wrong");
}
else {
if (($c->param('password') eq "") || ($c->param('conf_password') eq "") || ($c->param('current_password') eq "")) {
push @errors,("Some of the password's fields are empty");
}
else {
if ($c->param('password') eq $c->param('conf_password')) {
eval {
$USER->change_password($c->param('password'));
_logged_in($c);
};
if ($@ =~ /Password too small/) {
push @errors,("Password too small")
}
else {
$changed_pass = 1;
}
}
else {
push @errors,("Password fields aren't equal")
}
}
}
}
$c->render(template => 'bootstrap/user_settings', changed_lang=> $changed_lang, changed_pass => $changed_pass
,errors =>\@errors);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment