From 14af18cb1b81e5dcee70c9eccb35d19f17af6948 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 14 Oct 2011 16:23:16 +0200 Subject: [ticket/9361] View correct error messages when editing account information Currently the "current password" is only checked, when you change something. This means you get "Your profile has been updated." although you enter a wrong password. I also added proper error messages, when you leave the confirm fields empty, and sorted them in the order of the field appearances on the html page. PHPBB3-9361 --- phpBB/includes/ucp/ucp_profile.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'phpBB/includes/ucp/ucp_profile.php') diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index c099e3b3fa..65b32bd0c4 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -78,14 +78,14 @@ class ucp_profile $error = validate_data($data, $check_ary); - if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) + if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) { - $error[] = 'NEW_PASSWORD_ERROR'; + $error[] = ($data['email_confirm']) ? 'NEW_EMAIL_ERROR' : 'NEW_EMAIL_CONFIRM_EMPTY'; } - if (($data['new_password'] || ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email']) || ($data['username'] != $user->data['username'] && $auth->acl_get('u_chgname') && $config['allow_namechange'])) && !phpbb_check_hash($data['cur_password'], $user->data['user_password'])) + if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && $data['password_confirm'] != $data['new_password']) { - $error[] = 'CUR_PASSWORD_ERROR'; + $error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY'; } // Only check the new password against the previous password if there have been no errors @@ -94,9 +94,9 @@ class ucp_profile $error[] = 'SAME_PASSWORD_ERROR'; } - if ($auth->acl_get('u_chgemail') && $data['email'] != $user->data['user_email'] && $data['email_confirm'] != $data['email']) + if (!phpbb_check_hash($data['cur_password'], $user->data['user_password'])) { - $error[] = 'NEW_EMAIL_ERROR'; + $error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY'; } if (!check_form_key('ucp_reg_details')) -- cgit v1.2.1