Diffstat (limited to 'app.py')
-rw-r--r--app.py5
1 files changed, 4 insertions, 1 deletions
diff --git a/app.py b/app.py
index 518be05..7c2a1cf 100644
--- a/app.py
+++ b/app.py
@@ -52,6 +52,7 @@ def index():
@logout_required
def register():
#TODO: check for double uids
+ #TODO: check for double mails
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
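Review bot: The `#TODO: check for double mails` added in register(), like the two `#TODO: check for uniqueness` markers in settings() and change_mail(), leaves duplicate mail addresses unenforced and does not say where the binding check has to live. A check in settings() alone can be stale by confirmation time, because change_mail() accepts the token for `3*24*60*60` seconds; the authoritative check belongs in change_mail() and, if the user store supports it, as a uniqueness constraint there too. I would make the comments say that, e.g. `#TODO: reject mail already in use; re-check at confirmation, token may be 3 days old`. Once implemented, the response for an already-registered address should presumably not differ visibly from the normal one, otherwise the form confirms which addresses have accounts. All three functions continue outside their hunks.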
@@ -164,6 +165,7 @@ def settings():
if request.form.get('submit_main'):
if form.mail.data and form.mail.data != g.user.mail:
+ #TODO: check for uniqueness
confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
confirm_link = url_for('change_mail', token=confirm_token, _external=True)
@@ -179,7 +181,7 @@ def settings():
changed = True
if form.password.data:
- g.user.change_password(form.password.data, session['password'])
+ g.user.change_password(form.password.data, decrypt_password(session['password']))
session['password'] = encrypt_password(form.password.data)
flash(u'Passwort geƤndert', 'success')
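Review bot: The old password passed to `change_password` still comes from `session['password']`, so the change is authorised by the session alone rather than by the user re-entering the current password. Anyone holding a live session (unattended browser, stolen cookie) can therefore set a new password. I would take the current password from the form instead, e.g. `g.user.change_password(form.password.data, form.old_password.data)`, where `old_password` is a suggested new field and not one visible in this hunk. The hunk also shows the password kept in the session in reversible form via `encrypt_password`/`decrypt_password`; where that key lives and whether the session is a client-side cookie is not visible here, so a comment such as `# session keeps the password encrypted with <key source>; required for <reason>` would help the next reviewer. settings() starts and ends outside the hunk.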
@@ -211,6 +213,7 @@ def settings():
@app.route('/settings/change_mail/<token>')
@login_required
def change_mail(token):
+ #TODO: check for uniqueness
username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60)
if g.user.uid != username: