DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Added comments

Browse source
This commit is contained in:
snipe 2020-11-02 20:07:39 -08:00
parent a55694da2f
commit 296655542d
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/Http/Controllers/ProfileController.php
View file

@ -157,6 +157,14 @@ class ProfileController extends Controller
$validator->errors()->add('current_password', trans('validation.hashed_pass'));
}
// This checks to make sure that the user's password isn't the same as their username,
// email address, first name or last name (see https://github.com/snipe/snipe-it/issues/8661)
// While this is handled via SaveUserRequest form request in other places, we have to do this manually
// here because we don't have the username, etc form fields available in the profile password change
// form.
// There may be a more elegant way to do this in the future.
if (($request->input('password') == $user->username) ||
($request->input('password') == $user->email) ||
($request->input('password') == $user->first_name) ||