Only check password on login.

1 files changed, 3 insertions, 1 deletions

diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 9f8ea6f..d150a2f 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -4693,7 +4693,9 @@ d("Sub accountView %s  %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID")
   else
   {
     // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login.
-    if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0))
+    // Also only check on login.
+    if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0)
+      && (strcmp("login", Rd->doit) == 0) && (strcmp("accountLogin", Rd->form) == 0))
     {
       char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed.");
       if (NULL == h)