From b41bd1e7f3fdc50d93e82b0eb59f6e0b7aff96d3 Mon Sep 17 00:00:00 2001
From: Abhishek Pai
Date: Thu, 8 Aug 2024 14:02:54 +0200
Subject: [PATCH] #126: Ensuring old password is required only with anonymous password reset.
---
 htdocs/resetpassword.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/htdocs/resetpassword.php b/htdocs/resetpassword.php
index 74160a6..088da23 100644
--- a/htdocs/resetpassword.php
+++ b/htdocs/resetpassword.php
@@ -26,10 +26,10 @@
 $result = "passwordrequired";
 }
-if (isset($_POST["oldpassword"]) and $_POST["oldpassword"]) {
- $oldpassword = $_POST["oldpassword"];
-} else {
+if ($audit_admin === "anonymous" and !isset($_POST["oldpassword"]) and !$_POST["oldpassword"]) {
 $result = "oldpasswordrequired";
+} else {
+ $oldpassword = $_POST["oldpassword"];
 }
 if (isset($_POST["pwdreset"]) and $_POST["pwdreset"]) {
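Review bot: The new guard `!isset($_POST["oldpassword"]) and !$_POST["oldpassword"]` joins the two negations with `and`, so an anonymous request that posts `oldpassword` as an empty string skips `oldpasswordrequired` and falls into the `else` branch with `$oldpassword = ""`; negating the old test needs `or`, or more simply `if ($audit_admin === "anonymous" and empty($_POST["oldpassword"])) {`. As written, the second operand is only evaluated when the key is absent, so it raises an undefined-index notice, and the `else` branch does the same for a non-anonymous request that sends no `oldpassword`; `$oldpassword = isset($_POST["oldpassword"]) ? $_POST["oldpassword"] : "";` avoids that. Whether an empty old password is rejected later, and where `$audit_admin` is set, is outside this hunk, so this check should not depend on a later one to enforce the requirement.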