servnest/pg-act/auth/password.php

<?php

checkPasswordFormat($_POST['new-password']);

if (checkPassword($_SESSION['id'], $_POST['current-password']) !== true)
	output(403, _('Wrong current password.'));

rateLimit();

changePassword($_SESSION['id'], $_POST['new-password']);

output(200, _('Password updated.'));