Diffstat (limited to 'src')
-rw-r--r--src/Psecio/Gatekeeper/UserModel.php5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Psecio/Gatekeeper/UserModel.php b/src/Psecio/Gatekeeper/UserModel.php
index f294587..1a797f7 100644
--- a/src/Psecio/Gatekeeper/UserModel.php
+++ b/src/Psecio/Gatekeeper/UserModel.php
@@ -477,6 +477,11 @@ class UserModel extends \Psecio\Gatekeeper\Model\Mysql
throw new \InvalidArgumentException('Invalid question/answer data provided.');
}
+ // Ensure that the answer isn't the same as the user's password
+ if (password_verify($data['answer'], $this->password) === true) {
+ throw new \InvalidArgumentException('Security question answer cannot be the same as password.');
+ }
+
$question = new SecurityQuestionModel($this->getDb(), array(
'question' => $data['question'],
'answer' => $data['answer'],
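Review bot: The new guard `password_verify($data['answer'], $this->password)` fails open when `$this->password` is empty or not a valid hash, because password_verify() then returns false and the answer is accepted unchecked. If this model can be populated without the password column loaded (not visible in this hunk), reject that state first, e.g. `if (empty($this->password)) { throw new \RuntimeException('Password hash not loaded.'); }`. The comparison is also exact, so an answer that differs from the password only by case or surrounding whitespace passes; whether that matters depends on how answers are normalised when they are later checked, which the hunk does not show. The distinct exception message also confirms a correct password guess to whoever holds the session, so this path should sit behind the same attempt throttling as login. The enclosing method starts and ends outside the hunk.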