From 628f3fa9443a463a87b3a620869f1ad135e8acf9 Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Wed, 20 Apr 2022 18:07:32 -0400
Subject: [PATCH] Fix being able to change your password to an empty password.
---
 profile.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/profile.php b/profile.php
index 5c4db04..ea46209 100644
--- a/profile.php
+++ b/profile.php
@@ -19,9 +19,8 @@ $user_password = $current_user->password;
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 if (!verifyCsrfToken()) {
 $error = 'Invalid CSRF token (do you have cookies enabled?)';
- } else if (isset($_POST['cpassword'])) {
- $user_old_pass = $_POST['old_password'];
- if (pp_password_verify($user_old_pass, $user_password)) {
+ } else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
+ if (pp_password_verify($_POST['old_password'], $user_password)) {
 $user_new_cpass = pp_password_hash($_POST['password']);
 $current_user->password = $user_new_cpass;
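Review bot: The new guard on the `else if (isset($_POST['cpassword']) && ...` line relies on `!empty()`, which only tests truthiness: an array-valued `password` or `old_password` field passes it and is handed to `pp_password_hash()` / `pp_password_verify()`, a one-character password is accepted, and the literal password `0` is rejected. Checking type and length explicitly would be tighter, for example `is_string($_POST['password'] ?? null) && strlen($_POST['password']) >= $min_len` (`$min_len` is a placeholder for whatever policy the project chooses), with the same `is_string` test on `old_password`. When the guard fails, the request appears to fall through to whichever branch follows without setting `$error`, so the user may get no feedback on a rejected change. The rest of the if/else chain lies outside the hunk, so that should be confirmed there.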