Add a confirmation password input field that must match the primary

password field in order for the update to succeed.  If there is no
data entered in the primary password field, the confirmation field is
ignored.

Addresses Trac Ticket #4

1 files changed, 12 insertions, 0 deletions

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 38e68d30..496ed9ca 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -37,6 +37,12 @@ class Admin_Users_Controller extends Controller {
       $valid = false;
     }
 
+    if ($form->add_user->password->value &&
+        $form->add_user->password->value != $form->add_user->password2->value) {
+      $form->add_user->password2->add_error("mistyped", 1);
+      $valid = false;
+    }
+
     if ($valid) {
       $user = user::create(
         $name, $form->add_user->full_name->value, $form->add_user->password->value);
@@ -106,6 +112,12 @@ class Admin_Users_Controller extends Controller {
       }
     }
 
+    if ($form->edit_user->password->value &&
+        $form->edit_user->password->value != $form->edit_user->password2->value) {
+      $form->edit_user->password2->add_error("mistyped", 1);
+      $valid = false;
+    }
+
     if ($valid) {
       $user->name = $new_name;
       $user->full_name = $form->edit_user->full_name->value;