Changeset 9628

Timestamp:

03/20/2015 12:37:51 PM (8 years ago)

Author:

imath

Message:

In user settings, make sure current password does not match new password

When the user is changing his password, it will display an error message if the new password is the same as the current password.

Props henry.wright

Fixes #6111

File:

• trunk/src/bp-settings/bp-settings-actions.php (modified) (2 diffs)

trunk/src/bp-settings/bp-settings-actions.php

@@ -161 +161 @@
         if ( !empty( $_POST['pass1'] ) && !empty( $_POST['pass2'] ) ) {
 
-            // Password change attempt is successful
             if ( ( $_POST['pass1'] == $_POST['pass2'] ) && !strpos( " " . $_POST['pass1'], "\\" ) ) {
-                $update_user->user_pass = $_POST['pass1'];
-                $pass_changed = true;
+                
+                // Password change attempt is successful
+                if ( $_POST['pwd'] != $_POST['pass1'] ) {
+                    $update_user->user_pass = $_POST['pass1'];
+                    $pass_changed = true;
+                    
+                // The new password is the same as the current password
+                } else {
+                    $pass_error = 'same';
+                }
 
             // Password change attempt was unsuccessful
@@ -236 +243 @@
             $feedback['pass_empty']    = __( 'One of the password fields was empty.', 'buddypress' );
             break;
+        case 'same' :
+            $feedback['pass_same']     = __( 'The new password must be different from the current password.', 'buddypress' );
         case false :
             // No change