From 9997ca8eaafd80c8b43fa259d2152d8093257a66 Mon Sep 17 00:00:00 2001
From: Michael Francis
Date: Tue, 21 Jun 2011 09:38:23 -0400
Subject: Fixed password changing
---
 controllers/UsersController.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'controllers')
diff --git a/controllers/UsersController.php b/controllers/UsersController.php
index 82f70a5..5462d25 100644
--- a/controllers/UsersController.php
+++ b/controllers/UsersController.php
@@ -342,7 +342,7 @@ class UsersController extends \lithium\action\Controller {
 return $this->redirect('/');
 }
- private function changePassword()
+ public function changePassword()
 {
 //Get the user to verify their current password
 $input = $this->request->data;
@@ -351,13 +351,21 @@ class UsersController extends \lithium\action\Controller {
 if ($input)
 {
 //Get the user from auth
- $user = Auth::check('default');
- if(!empty($user) && isset($input['newpass']))
+ $user = Auth::check('default');
+
+ //Ensure that the passwords are the same.
+ if ($input['newpass'] != $input['confirm'])
+ {
+ //return error
+ return $this->redirect('/');
+ }
+ else if(!empty($user) && isset($input['newpass']))
 {
 //find the user by their ID
 $user = User::find($user['_id']);
 //Set the newpassword, this triggers the hash function in ->save()
+ $user->newpass = $input['newpass'];
 //Save the data
@@ -392,7 +400,7 @@ class UsersController extends \lithium\action\Controller {
 //Save the user.
 $user->save(null, array('validate' => false));
 }
-
+ return compact('user');
 }
--
cgit v1.2.3
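Review bot: Switching `changePassword()` from `private` to `public` exposes it as a controller action (Lithium routes requests to public controller methods), and in the lines this patch shows a new password is accepted for any authenticated session without the current password being checked, even though the comment reads `//Get the user to verify their current password`. A hijacked or unattended session, or a forged cross-site form post, would then be enough to take over the account. The method body continues beyond this hunk and the two lines between it and the next hunk are not visible, so confirm whether such a check exists. If it does not, require the current password and an anti-CSRF token before `newpass` is assigned, and state it above the method, e.g. `/** Routable action: changes the logged-in user's password after re-verifying the current one. */`.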
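Review bot: The confirm check `$input['newpass'] != $input['confirm']` compares loosely and runs before `isset($input['newpass'])`, so two different numeric-looking strings (constructed example: `1.0` and `1`) are treated as matching and a request missing either field triggers undefined-index notices. Compare strictly and only when both fields are present: `if (!isset($input['newpass'], $input['confirm']) || $input['newpass'] !== $input['confirm'])`. The mismatch branch also redirects to `/` with no message although its comment says `//return error`, so the user cannot tell the change was rejected. The enclosing `if ($input)` block starts before and ends after this hunk.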