check old password if supplied, RT#13656

[freeside.git] / FS / FS / ClientAPI / MyAccount.pm

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 9a1cc50..9533d6a 100644 (file)
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -433,6 +433,7 @@ sub customer_info {
     if ( $session->{'svcnum'} ) {
       my $cust_svc = qsearchs('cust_svc', { 'svcnum' => $session->{'svcnum'} });
       $return{'svc_label'} = ($cust_svc->label)[1] if $cust_svc;
+      $return{'svcnum'} = $session->{'svcnum'};
     }
 
   } elsif ( $session->{'svcnum'} ) { #no customer record
@@ -500,6 +501,7 @@ sub customer_info_short {
     if ( $session->{'svcnum'} ) {
       my $cust_svc = qsearchs('cust_svc', { 'svcnum' => $session->{'svcnum'} });
       $return{'svc_label'} = ($cust_svc->label)[1] if $cust_svc;
+      $return{'svcnum'} = $session->{'svcnum'};
     }
 
   } elsif ( $session->{'svcnum'} ) { #no customer record
@@ -2146,6 +2148,11 @@ sub myaccount_passwd {
   } )
     or return { 'error' => "Service not found" };
 
+  if ( exists($p->{'old_password'}) ) {
+    return { 'error' => "Incorrect password." };
+      unless $svc_acct->check_password($p->{'old_password'});
+  }
+
   $svc_acct->_password($p->{'new_password'});
   my $error = $svc_acct->replace();