mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 16:56:44 +02:00
Code Issues Releases Wiki Activity

[ticket/9361] View correct error messages when editing account information

Browse Source 
Currently the "current password" is only checked, when you change something.
This means you get "Your profile has been updated." although you enter a wrong
password. I also added proper error messages, when you leave the confirm fields
empty, and sorted them in the order of the field appearances on the html page.

PHPBB3-9361
This commit is contained in:
Joas Schilling
2011-10-14 16:23:16 +02:00
parent 86f8851c40
commit 14af18cb1b
2 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
phpBB/includes/ucp/ucp_profile.php
View File

@@ -78,14 +78,14 @@ class ucp_profile
$error = validate_data($data, $check_ary);
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
{
$error[] = 'NEW_PASSWORD_ERROR';
$error[] = ($data['email_confirm']) ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY';
}
if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password']))
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password'])
{
$error[] = 'CUR_PASSWORD_ERROR';
$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
}
// Only check the new password against the previous password if there have been no errors
@@ -94,9 +94,9 @@ class ucp_profile
$error[] = 'SAME_PASSWORD_ERROR';
}
if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email'])
if (!phpbb_check_hash($data['cur_password'], $user->data['user_password']))
{
$error[] = 'NEW_EMAIL_ERROR';
$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
}
if (!check_form_key('ucp_reg_details'))