BUGFIX: using the recovery password to change your password

to change your password you needed your old password, the recovery password didn't work, which made it hard to change it, in case you forgot your old password... fixed
author: Arun Persaud <arun@nubati.net> 2007-07-18 23:51:23 -0700
committer: Arun Persaud <arun@nubati.net> 2007-07-18 23:51:23 -0700
commit: 54ea7b7fae46bae795d72ff671c15091ae505256 (patch)
tree: 417bf017cc448100b6f156b41b4641d1c71b34d1 /index.php
parent: 35687ace49ce0b41b1380603513d1f04cd6b458f (diff)
download: e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.gz
e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.bz2
e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/index.php b/index.php
index 08ae14c..fef72fd 100644
--- a/index.php
+++ b/index.php
@@ -1817,7 +1817,8 @@ else if( myisset("email","password") || isset($_SESSION["name"]) )
 		   $ok = 1;
 
 		   /* check if old password matches */
-		   if($password != md5($_REQUEST["password0"]))
+		   $oldpasswd = md5($_REQUEST["password0"]);
+		   if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
 		     $ok = -1;
 		   /* check if new passwords are types the same twice */
 		   if($_REQUEST["password1"] != $_REQUEST["password2"] )
author	Arun Persaud <arun@nubati.net>	2007-07-18 23:51:23 -0700
committer	Arun Persaud <arun@nubati.net>	2007-07-18 23:51:23 -0700
commit	54ea7b7fae46bae795d72ff671c15091ae505256 (patch)
tree	417bf017cc448100b6f156b41b4641d1c71b34d1 /index.php
parent	35687ace49ce0b41b1380603513d1f04cd6b458f (diff)
download	e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.gz e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.tar.bz2 e-DoKo-54ea7b7fae46bae795d72ff671c15091ae505256.zip