Require password when changing account information

Since commits daee20c (Require current password when setting a new one,
2020-01-30) and 8fc8898 (Require password when deleting an account,
2020-01-30), changing a password and deleting an account require the
current password. Extend this to all other profile changes.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

2 files changed, 5 insertions, 4 deletions

diff --git a/web/html/account.php b/web/html/account.php
index 03af8d43..ff9aba5b 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -34,7 +34,6 @@ if ($action == "UpdateAccount") {
 			in_request("S"),
 			in_request("E"),
 			in_request("H"),
-			in_request("PO"),
 			in_request("P"),
 			in_request("C"),
 			in_request("R"),
@@ -49,7 +48,9 @@ if ($action == "UpdateAccount") {
 			in_request("UN"),
 			in_request("ON"),
 			in_request("ID"),
-			$row["Username"]);
+			$row["Username"],
+			in_request("passwd")
+		);
 	}
 }
 
diff --git a/web/html/register.php b/web/html/register.php
index 8174e342..610befc4 100644
--- a/web/html/register.php
+++ b/web/html/register.php
@@ -26,7 +26,6 @@ if (in_request("Action") == "NewAccount") {
 		in_request("H"),
 		'',
 		'',
-		'',
 		in_request("R"),
 		in_request("L"),
 		in_request("TZ"),
@@ -40,6 +39,7 @@ if (in_request("Action") == "NewAccount") {
 		in_request("ON"),
 		0,
 		"",
+		'',
 		in_request("captcha_salt"),
 		in_request("captcha"),
 	);
@@ -55,7 +55,6 @@ if (in_request("Action") == "NewAccount") {
 			in_request("H"),
 			'',
 			'',
-			'',
 			in_request("R"),
 			in_request("L"),
 			in_request("TZ"),
@@ -69,6 +68,7 @@ if (in_request("Action") == "NewAccount") {
 			in_request("ON"),
 			0,
 			"",
+			'',
 			in_request("captcha_salt"),
 			in_request("captcha")
 		);