Diffstat (limited to 'src')
-rw-r--r-- | src/Psecio/Gatekeeper/UserModel.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/Psecio/Gatekeeper/UserModel.php b/src/Psecio/Gatekeeper/UserModel.php
index f294587..1a797f7 100644
--- a/src/Psecio/Gatekeeper/UserModel.php
+++ b/src/Psecio/Gatekeeper/UserModel.php
@@ -477,6 +477,11 @@ class UserModel extends \Psecio\Gatekeeper\Model\Mysql
 throw new \InvalidArgumentException('Invalid question/answer data provided.');
 }
+ // Ensure that the answer isn't the same as the user's password
+ if (password_verify($data['answer'], $this->password) === true) {
+ throw new \InvalidArgumentException('Security question answer cannot be the same as password.');
+ }
+
 $question = new SecurityQuestionModel($this->getDb(), array(
 'question' => $data['question'],
 'answer' => $data['answer'],
 |
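Review bot: The added `password_verify($data['answer'], $this->password)` check only rejects a byte-for-byte match, so an answer that differs from the password by letter case or surrounding whitespace still passes. If answers are normalised when they are later checked (not visible in this hunk), the same normalisation should be applied before this comparison. The check also assumes `$this->password` already holds a hash string; on a model that has not been loaded it may be null, so a guard such as `if (is_string($this->password) && password_verify($data['answer'], $this->password)) {` makes that case explicit. Because the new exception message is distinct, this method tells any caller that can reach it whether a given string is the user's password, so it should sit behind the same throttling as login, with a comment like `// NOTE: acts as a password check; callers must rate-limit`. The enclosing method begins and ends outside the hunk, so whether `'answer' => $data['answer']` is hashed before storage cannot be confirmed from here.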