diff --git a/includes/account.php b/includes/account.php
index b8fed6b..476a0a7 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -995,15 +995,21 @@
 $score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'], $_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
- $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
+ if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
+ {
+ $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
 (`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or `password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
+ $rc = mysql_num_rows($match);
+ } else {
+ $rc = 1;
+ }
 if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
 echo _("The Pass Phrase you submitted was too short.");
 } else if($score < 3) {
 printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
- } else if(mysql_num_rows($match) <= 0) {
+ } else if($rc <= 0) {
 echo _("You failed to correctly enter your current Pass Phrase.");
 } else {
 mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
diff --git a/pages/account/14.php b/pages/account/14.php
index 2e0a744..a32f137 100644
--- a/pages/account/14.php
+++ b/pages/account/14.php
@@ -17,10 +17,12 @@ + : + *:
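Review bot: In the first hunk (includes/account.php) the new `else` branch sets `$rc = 1` and skips the current-pass-phrase check whenever `hostname` and `securehostname` compare equal, and with the loose `!=` that is also the outcome when both session values are unset or empty, so the check fails open. I would make verification the default and skip it only on a positive match, `if(empty($_SESSION['_config']['securehostname']) || $_SESSION['_config']['hostname'] !== $_SESSION['_config']['securehostname'])`. How `hostname` is populated is not visible here; if it comes from the request's Host header rather than from verified client-certificate state, the skip should key on the latter. The query kept inside the new branch still concatenates `oldpass` into the SQL string, and the hunk does not show whether it was escaped beforehand, so that is worth confirming and noting in a comment at this spot. The enclosing block begins and ends outside the hunk.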