Use the current_password not password field when verifying passwords.

2025-05-20 15:44:45 +02:00 · 2017-04-04 12:14:24 -04:00 · 2017-04-04 12:14:24 -04:00 · faa437b77b
commit faa437b77b
parent 93dc52bbc4
1 changed files with 1 additions and 1 deletions
--- a/app/Http/Controllers/Base/AccountController.php
+++ b/app/Http/Controllers/Base/AccountController.php
@ -82,7 +82,7 @@ class AccountController extends Controller

        if (
            in_array($request->input('do_action'), ['email', 'password'])
-            && ! password_verify($request->input('password'), $request->user()->password)
+            && ! password_verify($request->input('current_password'), $request->user()->password)
        ) {
            Alert::danger(trans('base.account.invalid_pass'))->flash();