aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/src/sledjchisl
diff options
context:
space:
mode:
Diffstat (limited to 'src/sledjchisl')
-rw-r--r--src/sledjchisl/sledjchisl.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/sledjchisl/sledjchisl.c b/src/sledjchisl/sledjchisl.c
index 9f8ea6f..d150a2f 100644
--- a/src/sledjchisl/sledjchisl.c
+++ b/src/sledjchisl/sledjchisl.c
@@ -4693,7 +4693,9 @@ d("Sub accountView %s %s %s", getStrH(Rd->database, "UserAccounts.PrincipalID")
4693 else 4693 else
4694 { 4694 {
4695 // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login. 4695 // Check password on POST if the session user is the same as the shown user, coz this is the page shown on login.
4696 if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0)) 4696 // Also only check on login.
4697 if ((strcmp("POST", Rd->Method) == 0) && (strcmp(Rd->shs.UUID, getStrH(Rd->database, "UserAccounts.PrincipalID")) == 0)
4698 && (strcmp("login", Rd->doit) == 0) && (strcmp("accountLogin", Rd->form) == 0))
4697 { 4699 {
4698 char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed."); 4700 char *h = checkSLOSpassword(Rd, getStrH(Rd->database, "auth.passwordSalt"), getStrH(Rd->body, "password"), getStrH(Rd->database, "auth.passwordHash"), "Login failed.");
4699 if (NULL == h) 4701 if (NULL == h)