From 3e3695e5d3df63ba519633f2aa41ea041e2c18e3 Mon Sep 17 00:00:00 2001
From: touffies <claffont@openstudio.fr>
Date: Thu, 24 Oct 2013 00:17:59 +0200
Subject: [PATCH] Add validation for the current password

---
 core/lib/Thelia/Form/CustomerPasswordUpdateForm.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php b/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
index 78e1218ff..3b4cfec40 100755
--- a/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
+++ b/core/lib/Thelia/Form/CustomerPasswordUpdateForm.php
@@ -26,6 +26,7 @@ use Symfony\Component\Validator\Constraints;
 use Symfony\Component\Validator\ExecutionContextInterface;
 use Thelia\Model\ConfigQuery;
 use Thelia\Core\Translation\Translator;
+use Thelia\Model\CustomerQuery;
 
 /**
  * Class CustomerPasswordUpdateForm
@@ -79,7 +80,10 @@ class CustomerPasswordUpdateForm extends BaseForm
 
     public function verifyCurrentPasswordField($value, ExecutionContextInterface $context)
     {
-        // Check current password
+        // Check if value of the old password match the password of the current user
+        if (!password_verify($value, $this->getRequest()->getSession()->getCustomerUser()->getPassword())) {
+            $context->addViolation("Your current password does not match.");
+        }
     }
 
     public function verifyPasswordField($value, ExecutionContextInterface $context)