bug #189

includes/account.php

@@ -995,15 +995,21 @@
 			$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
 						$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
 
-			$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
+			if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
+			{
+				$match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
 						(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
 						`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
+				$rc = mysql_num_rows($match);
+			} else {
+				$rc = 1;
+			}
 
 			if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
 				echo _("The Pass Phrase you submitted was too short.");
 			} else if($score < 3) {
 				printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
-			} else if(mysql_num_rows($match) <= 0) {
+			} else if($rc <= 0) {
 				echo _("You failed to correctly enter your current Pass Phrase.");
 			} else {
 				mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')

pages/account/14.php

@@ -17,10 +17,12 @@
   <tr>
     <td colspan="2" class="title"><?=_("Change Pass Phrase")?></td>
   </tr>
+<? if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname']) { ?>
   <tr>
     <td class="DataTD"><?=_("Old Pass Phrase")?>: </td>
     <td class="DataTD"><input type="password" name="oldpassword"></td>
   </tr>
+<? } ?>
   <tr>
     <td class="DataTD"><?=_("New Pass Phrase")?><font color="red">*</font>: </td>
     <td class="DataTD"><input type="password" name="pword1"></td>