Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use the current_password not password field when verifying passwords.

Browse source
This commit is contained in:
Dane Everitt 2017-04-04 12:14:24 -04:00 committed by GitHub
parent 93dc52bbc4
commit faa437b77b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/Http/Controllers/Base/AccountController.php
View file

@ -82,7 +82,7 @@ class AccountController extends Controller
if ( if (
in_array($request->input('do_action'), ['email', 'password']) in_array($request->input('do_action'), ['email', 'password'])
&& ! password_verify($request->input('password'), $request->user()->password) && ! password_verify($request->input('current_password'), $request->user()->password)
) { ) {
Alert::danger(trans('base.account.invalid_pass'))->flash(); Alert::danger(trans('base.account.invalid_pass'))->flash();