Profile Change Password – Require Existing Password
-
On the password confirm page on 1.2.4.1 (at url http://mybpurl.com/members/username/settings/) a logged-in user can change their password. This is excellent. The problem is, if a user is logged in on a publicly accessible computer (and forgets to logout) there’s a chance someone else could come around and set a new password.
How can I require a user to enter their existing password before being able to create a new password?
You must be logged in to reply to this topic.
