From 54ea7b7fae46bae795d72ff671c15091ae505256 Mon Sep 17 00:00:00 2001
From: Arun Persaud <arun@nubati.net>
Date: Wed, 18 Jul 2007 23:51:23 -0700
Subject: BUGFIX: using the recovery password to change your password

to change your password you needed your old password, the recovery
password didn't work, which made it hard to change it, in case you
forgot your old password... fixed
---
 index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 08ae14c..fef72fd 100644
--- a/index.php
+++ b/index.php
@@ -1817,7 +1817,8 @@ else if( myisset("email","password") || isset($_SESSION["name"]) )
 		   $ok = 1;
 
 		   /* check if old password matches */
-		   if($password != md5($_REQUEST["password0"]))
+		   $oldpasswd = md5($_REQUEST["password0"]);
+		   if(!( ($password == $oldpasswd) || DB_check_recovery_passwords($oldpasswd,$email) ))
 		     $ok = -1;
 		   /* check if new passwords are types the same twice */
 		   if($_REQUEST["password1"] != $_REQUEST["password2"] )
-- 
cgit v1.2.3-18-g5258