Fix being able to change your password to an empty password.

Floorb 2022-04-20 18:07:32 -04:00
parent 4183286d5a
commit 628f3fa944


@ -19,9 +19,8 @@ $user_password = $current_user->password;
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (!verifyCsrfToken()) { if (!verifyCsrfToken()) {
$error = 'Invalid CSRF token (do you have cookies enabled?)'; $error = 'Invalid CSRF token (do you have cookies enabled?)';
} else if (isset($_POST['cpassword'])) { } else if (isset($_POST['cpassword']) && !empty($_POST['old_password']) && !empty($_POST['password'])) {
$user_old_pass = $_POST['old_password']; if (pp_password_verify($_POST['old_password'], $user_password)) {
if (pp_password_verify($user_old_pass, $user_password)) {
$user_new_cpass = pp_password_hash($_POST['password']); $user_new_cpass = pp_password_hash($_POST['password']);
$current_user->password = $user_new_cpass; $current_user->password = $user_new_cpass;