[Login] Password reset password mismatch (#6611)

Added a validation to display an error if the 2 passwords do not match in password expiry page. Resolves #6606
aces · Jun 1, 2020 · 67bc7ca · 67bc7ca
1 parent 09a9ad3
commit 67bc7ca
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/modules/login/php/passwordexpiry.class.inc b/modules/login/php/passwordexpiry.class.inc
@@ -88,6 +88,7 @@ class PasswordExpiry extends \NDB_Form
     {
         $this->_user = \User::factory($this->_username);
         $plaintext   = htmlspecialchars_decode($values['password']);
+        $confirm     = htmlspecialchars_decode($values['confirm']);
 
         try {
             new \Password($plaintext);
@@ -101,6 +102,13 @@ class PasswordExpiry extends \NDB_Form
             return array('password' => 'You cannot keep the same password');
         }
 
+        // Ensure that the password and confirm password fields match.
+        // TODO This validation should be done on the front-end too.
+        if ($plaintext !== $confirm) {
+            $this->tpl_data['error_message'] = 'The passwords do not match';
+            return array('password' => 'The passwords do not match');
+        }
+
         return array();
     }