Commented a bug.

[cocanwiki.git] / scripts / change_password.ml

diff --git a/scripts/change_password.ml b/scripts/change_password.ml
index d189f83..fcb561f 100644 (file)
--- a/scripts/change_password.ml
+++ b/scripts/change_password.ml
@@ -1,7 +1,7 @@
 (* COCANWIKI - a wiki written in Objective CAML.
  * Written by Richard W.M. Jones <rich@merjis.com>.
  * Copyright (C) 2004 Merjis Ltd.
- * $Id: change_password.ml,v 1.1 2004/09/25 13:17:00 rich Exp $
+ * $Id: change_password.ml,v 1.3 2004/10/30 10:16:09 rich Exp $
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -34,11 +34,12 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ user =
   let userid =
     match user with
        Anonymous -> assert false (* cannot happen *)
-      | User (userid, _, _) -> userid in
+      | User (userid, _, _, _) -> userid in
 
   let sth = dbh#prepare_cached "select 1 from users
-                                 where id = ? and password = ?" in
-  sth#execute [`Int userid; `String old_password];
+                                 where hostid = ? and id = ?
+                                   and password = ?" in
+  sth#execute [`Int hostid; `Int userid; `String old_password];
 
   let old_password_ok =
     try 1 = sth#fetch1int ()
@@ -73,8 +74,8 @@ let run r (q : cgi) (dbh : Dbi.connection) hostid _ user =
   let sth =
     dbh#prepare_cached
       "update users set password = ?, force_password_change = false
-        where id = ?" in
-  sth#execute [`String password; `Int userid];
+        where hostid = ? and id = ?" in
+  sth#execute [`String password; `Int hostid; `Int userid];
 
   dbh#commit ();