From 6e1b761b12e13566875804c33efe2ae130ffa32e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 2 Feb 2010 21:36:01 -0800
Subject: Require the current password to change your password. Fixes ticket
 #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
---
 modules/user/helpers/user.php | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'modules/user/helpers/user.php')

diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 3561021f..7ceca6a5 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -70,6 +70,12 @@ class user_Core {
     return false;
   }
 
+  static function valid_password($password_input) {
+    if (!user::is_correct_password(identity::active_user(), $password_input->value)) {
+      $password_input->add_error("invalid", 1);
+    }
+  }
+
   /**
    * Create the hashed passwords.
    * @param string $password a plaintext password
-- 
cgit v1.2.3