diff --git a/includes/account.php b/includes/account.php
index b8fed6b..476a0a7 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -995,15 +995,21 @@
$score = checkpw($_SESSION['_config']['user']['pword1'], $_SESSION['profile']['email'], $_SESSION['profile']['fname'],
$_SESSION['profile']['mname'], $_SESSION['profile']['lname'], $_SESSION['profile']['suffix']);
- $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
+ if($_SESSION['_config']['hostname'] != $_SESSION['_config']['securehostname'])
+ {
+ $match = mysql_query("select * from `users` where `id`='".$_SESSION['profile']['id']."' and
(`password`=old_password('".$_SESSION['_config']['user']['oldpass']."') or
`password`=sha1('".$_SESSION['_config']['user']['oldpass']."'))");
+ $rc = mysql_num_rows($match);
+ } else {
+ $rc = 1;
+ }
if(strlen($_SESSION['_config']['user']['pword1']) < 6) {
echo _("The Pass Phrase you submitted was too short.");
} else if($score < 3) {
printf(_("The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored %s points out of 6."), $score);
- } else if(mysql_num_rows($match) <= 0) {
+ } else if($rc <= 0) {
echo _("You failed to correctly enter your current Pass Phrase.");
} else {
mysql_query("update `users` set `password`=sha1('".$_SESSION['_config']['user']['pword1']."')
diff --git a/pages/account/14.php b/pages/account/14.php
index 2e0a744..a32f137 100644
--- a/pages/account/14.php
+++ b/pages/account/14.php
@@ -17,10 +17,12 @@
|
+
| : |
|
+
| *: |
|