diff options
-rw-r--r-- | src/sledjchisl/sledjchisl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c index 9f8ea6f..d150a2f 100644 --- a/src/sledjchisl/sledjchisl.c +++ b/src/sledjchisl/sledjchisl.c | |||
@@ -4693,7 +4693,9 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID") | |||
4693 | else | 4693 | else |
4694 | { | 4694 | { |
4695 | // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. | 4695 | // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. |
4696 | if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0)) | 4696 | // Also only check on login. |
4697 | if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0) | ||
4698 | && (strcmp("login", Rd->doit) == 0) && (strcmp("accountLogin", Rd->form) == 0)) | ||
4697 | { | 4699 | { |
4698 | char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); | 4700 | char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); |
4699 | if (NULL == h) | 4701 | if (NULL == h) |