From faa437b77ba53b9da3aeb6474a71872c8aaabd2d Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Tue, 4 Apr 2017 12:14:24 -0400
Subject: [PATCH] Use the `current_password` not `password` field when verifying passwords.
---
 app/Http/Controllers/Base/AccountController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Base/AccountController.php b/app/Http/Controllers/Base/AccountController.php
index 99b95027..10c33e38 100644
--- a/app/Http/Controllers/Base/AccountController.php
+++ b/app/Http/Controllers/Base/AccountController.php
@@ -82,7 +82,7 @@ class AccountController extends Controller
 if (
 in_array($request->input('do_action'), ['email', 'password'])
- && ! password_verify($request->input('password'), $request->user()->password)
+ && ! password_verify($request->input('current_password'), $request->user()->password)
 ) {
 Alert::danger(trans('base.account.invalid_pass'))->flash();
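Review bot: The new `password_verify($request->input('current_password'), …)` call on the `+` line uses the field straight from the request, and nothing visible in the hunk checks that it is present and a string. A missing field reaches `password_verify` as `null` and an array-valued field as an array; the check should still fail closed, but the array case would likely surface as a PHP warning or TypeError instead of the `invalid_pass` alert. If the method does not already validate this input (its start and end are outside the hunk), I would add a rule such as `'current_password' => 'required|string'` ahead of this condition. Because the original bug was a field-name mismatch between form and controller, a feature test that submits `do_action=email` with a wrong `current_password` and expects the change to be refused would keep this re-authentication gate from regressing silently.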