diff options
| -rw-r--r-- | src/sledjchisl/sledjchisl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 9f8ea6f..d150a2f 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
| @@ -4693,7 +4693,9 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") | |||
| 4693 | else | 4693 | else |
| 4694 | { | 4694 | { |
| 4695 | // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. | 4695 | // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. |
| 4696 | if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0)) | 4696 | // Also only check on login. |
| 4697 | if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0) | ||
| 4698 | && (strcmp("login", Rd->doit) == 0) && (strcmp("accountLogin", Rd->form) == 0)) | ||
| 4697 | { | 4699 | { |
| 4698 | char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); | 4700 | char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); |
| 4699 | if (NULL == h) | 4701 | if (NULL == h) |