From 61288e89d9da55e07c5c650a1b38d7bf2b62edd2 Mon Sep 17 00:00:00 2001
From: "Paul S. Owen" <psotfx@users.sourceforge.net>
Date: Wed, 10 Oct 2001 17:55:39 +0000
Subject: [PATCH] Send new password + old password check stuff ... this time
 I'm fairly confident it works

git-svn-id: file:///svn/phpbb/trunk@1157 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/profile.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/phpBB/profile.php b/phpBB/profile.php
index fa108eee96..194a2c99b0 100644
--- a/phpBB/profile.php
+++ b/phpBB/profile.php
@@ -539,8 +539,6 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 				}
 				else
 				{
-					$password = md5($password);
-
 					if( $mode == "editprofile" )
 					{
 						$sql = "SELECT user_password 
@@ -550,7 +548,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 						{
 							$row = $db->sql_fetchrow($result);
 
-							if( $row['user_password'] != $password_current )
+							if( $row['user_password'] != md5($password_current) )
 							{
 								$error = TRUE;
 								$error_msg = $lang['Current_password_mismatch'];
@@ -564,6 +562,7 @@ if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
 					
 					if( !$error )
 					{
+						$password = md5($password);
 						$passwd_sql = "user_password = '$password', ";
 					}
 				}