sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use the `current_password` not `password` field when verifying passwords.

This commit is contained in:
Dane Everitt 2017-04-04 12:14:24 -04:00 committed by GitHub
parent 93dc52bbc4
commit faa437b77b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/Base/AccountController.php
View File

@ -82,7 +82,7 @@ class AccountController extends Controller
if ( if (
in_array($request->input('do_action'), ['email', 'password']) in_array($request->input('do_action'), ['email', 'password'])
&& ! password_verify($request->input('password'), $request->user()->password) && ! password_verify($request->input('current_password'), $request->user()->password)
) { ) {
Alert::danger(trans('base.account.invalid_pass'))->flash(); Alert::danger(trans('base.account.invalid_pass'))->flash();