require_once('xorg.inc.php');
-if (Env::has('response2')) {
+if (Post::has('response2')) {
require_once('secure_hash.inc.php');
- $_SESSION['password'] = $password = Post::get('response2');
+ if (hash_encrypt($_SESSION['password'].":".$_SESSION['session']->challenge) != Post::get('response')) {
+ new_skinned_page('motdepasse.tpl', AUTH_MDP);
+ $page->addJsLink('javascript/motdepasse.js');
+ $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
+ $page->trig('Ancien mot de passe erronné');
+ $page->run();
+ }
+ $password = hash_xor(Post::get('response2'), $_SESSION['password']);
+ $_SESSION['password'] = $password;
$globals->xdb->execute('UPDATE auth_user_md5 SET password={?} WHERE user_id={?}', $password, Session::getInt('uid'));
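Review bot: The old-password check on the added `if (hash_encrypt(...) != Post::get('response'))` line uses PHP's loose `!=`, which treats two numeric-looking strings (such as digests made of `0e` followed only by digits) as numbers and is not constant-time. With the expected digest held in a local variable, compare with `!hash_equals($expected, (string) Post::get('response'))` where the runtime provides it, or at least with `!==`. The failure branch also relies on `$page->run()` ending the request, which is not visible here; if it can return, execution falls through to the `UPDATE` with an unverified value, so an explicit `exit;` after `$page->run();` would make the guard self-contained. The enclosing `if (Post::has('response2'))` block continues outside the lines shown.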