Fixed password changing

1 files changed, 12 insertions, 4 deletions

diff --git a/controllers/UsersController.php b/controllers/UsersController.php
index 82f70a5..5462d25 100644
--- a/controllers/UsersController.php
+++ b/controllers/UsersController.php
@@ -342,7 +342,7 @@ class UsersController extends \lithium\action\Controller {
 		return $this->redirect('/');
 	}
 
-	private function changePassword()
+	public function changePassword()
 	{
 		//Get the user to verify their current password
 		$input = $this->request->data;
@@ -351,13 +351,21 @@ class UsersController extends \lithium\action\Controller {
 		if ($input)
 		{
 			//Get the user from auth
-			$user = Auth::check('default'); 
-			if(!empty($user) && isset($input['newpass']))
+			$user = Auth::check('default');
+			
+			//Ensure that the passwords are the same.
+			if ($input['newpass'] != $input['confirm'])
+			{
+				//return error
+				return $this->redirect('/'); 
+			} 
+			else if(!empty($user) && isset($input['newpass']))
 			{
 				//find the user by their ID
 				$user = User::find($user['_id']);
 
 				//Set the newpassword, this triggers the hash function in ->save()
+
 				$user->newpass = $input['newpass'];
 
 				//Save the data
@@ -392,7 +400,7 @@ class UsersController extends \lithium\action\Controller {
 			//Save the user.
 			$user->save(null, array('validate' => false));
 		}
-
+		
 		return compact('user');
 	}