change password form: add client-side validation

2 files changed, 32 insertions, 1 deletions

diff --git a/modules/pref-prefs.php b/modules/pref-prefs.php
index 2564f30e4..27dfd6756 100644
--- a/modules/pref-prefs.php
+++ b/modules/pref-prefs.php
@@ -316,7 +316,8 @@
 					owner_uid = ".$_SESSION["uid"]."
 				ORDER BY section_id,short_desc");
 
-			print "<form action=\"backend.php\" method=\"POST\" id=\"pref_prefs_form\">";
+			print "<form onsubmit='return false' action=\"backend.php\" 
+				method=\"POST\" id=\"pref_prefs_form\">";
 
 			$lnum = 0;
 
diff --git a/prefs.js b/prefs.js
index b233d8a1f..2223cd9ee 100644
--- a/prefs.js
+++ b/prefs.js
@@ -1684,6 +1684,36 @@ function changeUserPassword() {
 			return false;
 		}
 	
+		var f = document.forms["change_pass_form"];
+
+		if (f) {
+			if (f.OLD_PASSWORD.value == "") {
+				new Effect.Highlight(f.OLD_PASSWORD);
+				notify_error("Old password cannot be blank.");
+				return false;
+			}
+
+			if (f.NEW_PASSWORD.value == "") {
+				new Effect.Highlight(f.NEW_PASSWORD);
+				notify_error("New password cannot be blank.");
+				return false;
+			}
+
+			if (f.CONFIRM_PASSWORD.value == "") {
+				new Effect.Highlight(f.CONFIRM_PASSWORD);
+				notify_error("Entered passwords do not match.");
+				return false;
+			}
+
+			if (f.CONFIRM_PASSWORD.value != f.NEW_PASSWORD.value) {
+				new Effect.Highlight(f.CONFIRM_PASSWORD);
+				new Effect.Highlight(f.NEW_PASSWORD);
+				notify_error("Entered passwords do not match.");
+				return false;
+			}
+
+		}
+
 		var query = Form.serialize("change_pass_form");
 	
 		notify_progress("Trying to change password...");