Security: check passwords against Have I Been Pwned

[irc/unrealircd/unrealircd-webpanel.git] / settings / user-edit.php

diff --git a/settings/user-edit.php b/settings/user-edit.php
index 02df692f2f503c7775726b7141ba7e72b3e1ae91..4c77f6a118fa3d513485aac8267af392aa5acfe9 100644 (file)
--- a/settings/user-edit.php
+++ b/settings/user-edit.php
@@ -44,6 +44,8 @@ if ($postbutton && $can_edit_profile)
     elseif ($array['update_pass'] == $array['update_pass_conf'])
     {
         $array['update_pass_conf'] = PanelUser::password_hash($array['update_pass_conf']);
+        $edit_user->delete_meta("hibp");
+        $edit_user->HIBP(sha1($array['update_pass']));
         unset($array['update_pass']);
     }
     else