diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index c5cdbcef05..2a8e428fde 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -10,7 +10,7 @@ $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $password = $_POST["password"]; // Check if we are a user -if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' )&& $username!=OC_User::getUser())) { +if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$password)))) { echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); }