From 924d03e7e0bb4f13812ab14ec6fef2c1fb386efa Mon Sep 17 00:00:00 2001
From: nathangray
Date: Tue, 13 Nov 2018 15:57:20 -0700
Subject: [PATCH] Check that account passwords are the same, and fail if they aren't
---
admin/inc/class.admin_account.inc.php | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/admin/inc/class.admin_account.inc.php b/admin/inc/class.admin_account.inc.php
index 8d599eb9a8..447fb4404e 100644
--- a/admin/inc/class.admin_account.inc.php
+++ b/admin/inc/class.admin_account.inc.php
@@ -139,6 +139,10 @@ class admin_account
 $content['account_firstname'] = $content['n_given'];
 $content['account_lastname'] = $content['n_family'];
 $content['account_email'] = $content['email'];
+ if($content['account_passwd'] && $content['account_passwd'] !== $content['account_passwd_2'])
+ {
+ throw new Api\Exception\WrongUserinput('Passwords are not the same');
+ }
 if (!empty($content['old_account']))
 {
 $old = array_diff_assoc($content['old_account'], $content);
@@ -147,6 +151,11 @@ class admin_account
 {
 $old['account_groups'] = $content['old_account']['account_groups'];
 }
+ if($content['account_passwd'])
+ {
+ // Don't put password into history
+ $old['account_passwd'] = '';
+ }
 }
 if ($content['deny_edit'] || $old === array())
 {
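Review bot: The guard `if($content['account_passwd'] && ...)` on the added check tests truthiness, so a submitted password of `'0'` counts as "no password" and is never compared with `account_passwd_2`; the same test in the second hunk would then also skip the history redaction. Comparing against the empty string closes that gap, e.g. `if((string)$content['account_passwd'] !== '' && $content['account_passwd'] !== $content['account_passwd_2'])`. An empty `account_passwd` with a non-empty `account_passwd_2` is also accepted silently, which is arguably a mismatch worth rejecting as well. Whether a `'0'` password is actually stored afterwards cannot be seen here, because the method starts and ends outside the hunk.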
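Review bot: The comment `// Don't put password into history` describes only the old value in `$old`; the new plaintext is still present in `$content['account_passwd']` and `$content['account_passwd_2']`, and how `$content` is used after this block lies outside the hunk. If the history entry or any log is built from `$content` as well, those two keys need the same blanking, so this is worth confirming against the code that follows. The comment could also say why the key is kept rather than unset, presumably so that the later `$old === array()` test still sees a change: `// Keep the key but blank the value, so the change is recorded without the password`.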