summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/Controller/UserCredentialController.php4
-rw-r--r--app/Validator/UserValidator.php4
2 files changed, 8 insertions, 0 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index 23e7edba..ae52a13c 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -43,6 +43,10 @@ class UserCredentialController extends BaseController
list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
+ if (! $this->userSession->isAdmin()) {
+ $values['id'] = $this->userSession->getId();
+ }
+
if ($valid) {
if ($this->userModel->update($values)) {
$this->flash->success(t('Password modified successfully.'));
diff --git a/app/Validator/UserValidator.php b/app/Validator/UserValidator.php
index fe402c47..041390a3 100644
--- a/app/Validator/UserValidator.php
+++ b/app/Validator/UserValidator.php
@@ -116,6 +116,10 @@ class UserValidator extends BaseValidator
$v = new Validator($values, array_merge($rules, $this->commonPasswordValidationRules()));
if ($v->execute()) {
+ if (! $this->userSession->isAdmin() && $values['id'] != $this->userSession->getId()) {
+ return array(false, array('current_password' => array('Invalid User ID')));
+ }
+
if ($this->authenticationManager->passwordAuthentication($this->userSession->getUsername(), $values['current_password'], false)) {
return array(true, array());
} else {