You could attempt to authenticate again using the current password and
then only change the password if authentication was successful. Just
be sure you don't overwrite your current_user (or whatever you use) so
that the user isn't logged out upon providing an incorrect current
password. In other words, don't just duplicate your existing login
logic.
> --
> You received this message because you are subscribed to the Google Groups "Authlogic" group.
> To post to this group, send email to auth...@googlegroups.com.
> To unsubscribe from this group, send email to authlogic+...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/authlogic?hl=en.
>
>