-rw-r--r-- | app/Controller/UserCredentialController.php | 4 | ||||
-rw-r--r-- | app/Validator/UserValidator.php | 4 |
2 files changed, 8 insertions, 0 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 23e7edba..ae52a13c 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -43,6 +43,10 @@ class UserCredentialController extends BaseController
 list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
+ if (! $this->userSession->isAdmin()) {
+ $values['id'] = $this->userSession->getId();
+ }
+
 if ($valid) {
 if ($this->userModel->update($values)) {
 $this->flash->success(t('Password modified successfully.'));
diff --git a/app/Validator/UserValidator.php b/app/Validator/UserValidator.php
index fe402c47..041390a3 100644
--- a/app/Validator/UserValidator.php
+++ b/app/Validator/UserValidator.php
@@ -116,6 +116,10 @@ class UserValidator extends BaseValidator
 $v = new Validator($values, array_merge($rules, $this->commonPasswordValidationRules()));
 if ($v->execute()) {
+ if (! $this->userSession->isAdmin() && $values['id'] != $this->userSession->getId()) {
+ return array(false, array('current_password' => array('Invalid User ID')));
+ }
+
 if ($this->authenticationManager->passwordAuthentication($this->userSession->getUsername(), $values['current_password'], false)) {
 return array(true, array());
 } else { |
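Review bot: In UserCredentialController.php, `$this->userModel->update($values)` still receives the whole `$values` array, and the added block pins only its `id` key for non-admins. Where `$values` is populated is outside the hunk; if it is the submitted form, every other key a client sends alongside the password fields reaches `update()` as well, so the call is safer when given an array built from an explicit allow-list of the password fields plus the pinned id. The new block would also read better with a comment such as `// Non-admins can only change their own password: never trust the submitted id.`. The enclosing method starts and ends outside the hunk.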
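Review bot: In UserValidator.php the ownership check `$values['id'] != $this->userSession->getId()` uses a loose comparison, so the submitted id is type-juggled and numeric-looking strings that are not the canonical id can still compare equal. A strict form avoids that: `if (! $this->userSession->isAdmin() && (string) $values['id'] !== (string) $this->userSession->getId()) {`. The rejection is returned under the `current_password` key with an untranslated literal, while the controller changed in this commit wraps its message in `t()`, so `t('Invalid User ID')` would be consistent. A mismatched id from a non-admin is also a likely sign of form tampering and may be worth logging at this point. The enclosing method starts and ends outside the hunk.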