Commit 9fc90d8b authored by joelalju's avatar joelalju

[#400] user_settings asks for user's current password when changing it.

parent 0e1345e5
......@@ -420,6 +420,33 @@ sub change_password {
$sth->execute(sha1_hex($password), $self->name);
}
=head2 compare_password
Changes the input with the password of an User
$user->compare_password();
Arguments: password
=cut
sub compare_password {
my $self = shift;
my $password = shift or die "ERROR: password required\n";
_init_connector();
my $sth= $$CON->dbh->prepare("SELECT password FROM users WHERE name=?");
$sth->execute($self->name);
my $hex_pass = $sth->fetchrow();
if ($hex_pass eq sha1_hex($password)) {
return 1;
}
else {
return 0;
}
}
=head2 language
Updates or selects the language selected for an User
......
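Review bot: compare_password has no guard for a missing row: if the SELECT returns nothing, `$hex_pass` is undef and the `eq` on the next line still runs, which is an unintended path for what is now an authentication check (and a warning if warnings are enabled in this file). Adding `return 0 unless defined $hex_pass;` right after the fetch makes the failure case explicit. The check also inherits the unsalted `sha1_hex` storage visible in change_password's context line, so the current-password prompt is only as strong as that digest; a move to a salted, slow password hash is worth tracking separately. The POD is inaccurate as well: the description should read something like `Compares the given password with the stored password of a User`, and the example should pass the argument, `$user->compare_password($password);`.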
......@@ -628,25 +628,31 @@ sub user_settings {
$c->param('tongue' => $USER->language);
my @errors;
if ($c->param('button_click')) {
if (($c->param('password') eq "") || ($c->param('conf_password') eq "")) {
if (($c->param('password') eq "") || ($c->param('conf_password') eq "") || ($c->param('current_password') eq "")) {
push @errors,("Some of the password's fields are empty");
}
else {
if ($c->param('password') eq $c->param('conf_password')) {
eval {
$USER->change_password($c->param('password'));
_logged_in($c);
};
if ($@ =~ /Password too small/) {
push @errors,("Password too small")
my $comp_password = $USER->compare_password($c->param('current_password'));
if ($comp_password) {
if ($c->param('password') eq $c->param('conf_password')) {
eval {
$USER->change_password($c->param('password'));
_logged_in($c);
};
if ($@ =~ /Password too small/) {
push @errors,("Password too small");
}
else {
$changed_pass = 1;
};
}
else {
$changed_pass = 1;
};
}
else {
push @errors,("Password fields aren't equal")
}
push @errors,("Password fields aren't equal");
}
}
else {
push @errors, ("Input the current password properly");
}
}
}
$c->render(template => 'bootstrap/user_settings', changed_lang=> $changed_lang, changed_pass => $changed_pass
......
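Review bot: In the re-indented `eval` block, any exception from `change_password` other than "Password too small" falls into the `else` branch and sets `$changed_pass = 1`, so a failed update (for example a database error) is reported to the user as a successful password change. Testing `$@` explicitly before the success branch fixes this, e.g. `elsif ($@) { push @errors,("Password could not be changed"); }`. The new `$USER->compare_password(...)` call sits outside any `eval`, and compare_password dies on a false value, so a current password of "0" passes the empty-string check here and then raises an unhandled error. A failed current-password check is also only pushed to `@errors`; logging it would help detect repeated guessing from an already authenticated session. The body of user_settings starts and ends outside this hunk, so error handling elsewhere in the sub is not visible here.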
......@@ -44,6 +44,7 @@
<form method='post' enctype="multipart/form-data">
<p><%=l 'New Password:' %><input type= 'password' name= 'password' id='password'></p>
<p><%=l 'Confirm Password:' %><input type='password' name='conf_password' id='conf_password'></p>
<p><%=l 'Current Password:' %><input type='password' name='current_password' id='current_password'></p>
<p><input type='submit' onclick='this.form.submit();' id='button_click' name='button_click' value='<%=l 'Submit' %>'></input>
% if ($changed_pass) {
<font color="green"> <%=l 'Your password has been changed successfully' %></font>
......