diff --git a/app/controllers/settings_controller.rb b/app/controllers/settings_controller.rb
index 95c37e9..0cf0fa1 100644
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@@ -67,9 +67,14 @@ class SettingsController < ApplicationController
def update
@edit_user = @user.clone
- if @edit_user.update_attributes(user_params)
- flash.now[:success] = t('.updatesettingsflash')
- @user = @edit_user
+ if params[:user][:password].empty? ||
+ @user.authenticate(params[:current_password].to_s)
+ if @edit_user.update_attributes(user_params)
+ flash.now[:success] = t('.updatesettingsflash')
+ @user = @edit_user
+ end
+ else
+ flash[:error] = t('.passwordnotcorrect')
end
render :action => "index"
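Review bot: The current-password check at the top of `update` is only enforced when `params[:user][:password]` is non-empty, so every other attribute permitted by `user_params` is still saved without re-authentication. If that includes the e-mail address (the settings locale has an `emailaddress` label, but `user_params` is not visible here), a hijacked session could change it and then recover the account through a password reset; consider requiring `@user.authenticate(params[:current_password].to_s)` for that change too. `params[:user][:password].empty?` raises NoMethodError when the `password` key is absent; `params[:user][:password].to_s.empty?` would mirror the `.to_s` already used on `current_password` without treating whitespace-only passwords as empty. The failure branch sets `flash[:error]` before a `render`, so the message persists into the next request; `flash.now[:error] = t('.passwordnotcorrect')` would match the success branch. The closing `end` of `update` lies outside the hunk.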
diff --git a/app/views/settings/index.html.erb b/app/views/settings/index.html.erb
index c907ffd..eeb426d 100644
--- a/app/views/settings/index.html.erb
+++ b/app/views/settings/index.html.erb
@@ -18,6 +18,12 @@
+
+ <%= label_tag :current_password, t('.currentpassword'),
+ :class => "required" %>
+ <%= password_field_tag :current_password, nil, :size => 40 %>
+
+
<%= f.label :password, t('.password'), :class => "required" %>
<%= f.password_field :password, :size => 40, :autocomplete => "off" %>
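Review bot: The new `password_field_tag :current_password` carries no `:autocomplete` hint, while the existing `f.password_field :password` below it sets `:autocomplete => "off"`, so browsers and password managers may guess wrongly which field holds the old and which the new secret. Marking them explicitly, e.g. `<%= password_field_tag :current_password, nil, :size => 40, :autocomplete => "current-password" %>` and `"new-password"` on the other field, avoids the stored password being filled into the new-password box. The label is also given `:class => "required"`, although the controller only demands the current password when a new one is entered; a short hint in the form would make that condition clear. The surrounding form starts and ends outside this hunk.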
diff --git a/config/locales/en.yml b/config/locales/en.yml
index afeb79d..d703d2a 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -250,6 +250,7 @@ en:
accountsettings: "Account Settings"
username: "Username:"
password: "New Password:"
+ currentpassword: "Current Password:"
confirmpassword: "Confirm Password:"
emailaddress: "E-mail Address:"
gravatarized: "
Gravatar'ized"
@@ -328,6 +329,7 @@ en:
verifyenable: "Verify and Enable"
update:
updatesettingsflash: "Successfully updated settings."
+ passwordnotcorrect: "Your password was not correct."
stories:
edit:
edit: "Edit Story"
diff --git a/config/locales/fr.yml b/config/locales/fr.yml
index 2866e08..a614b76 100644
--- a/config/locales/fr.yml
+++ b/config/locales/fr.yml
@@ -260,6 +260,7 @@ fr:
accountsettings: "Paramètres du compte"
username: "Utilisateur :"
password: "Nouveau mot de passe :"
+ currentpassword: "Mot de passe actuel :"
confirmpassword: "Confirmer le mot de passe :"
emailaddress: "Adresse e-mail :"
gravatarized: "
Gravatarisé"
@@ -338,6 +339,7 @@ fr:
verifyenable: "Vérifier et Activer"
update:
updatesettingsflash: "Paramètres mis à jour avec succès."
+ passwordnotcorrect: "Le mot de passe est incorrect."
stories:
edit:
edit: "Éditer l'info"