CyberPvt / ProjectPhp

found interesting unintentional "feature" in changePassword.php and oso issue #21

Open Pythoenixx opened 1 year ago

Pythoenixx commented 1 year ago

Apparently our code lets us register as agent and supplier at the same time, as long as the passwords for both accounts are different.

But since changePassword uses the username, the agent cannot change his password.

Also, the agent and supplier account passwords cannot be the same for this to work, since our addAgent page never validates whether the email is already in the database, hence letting duplicate emails be added.

CyberPvt commented 1 year ago

I'll try to look into this when I arrive.
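
One way to close the duplicate-email gap described in this issue, as an added example that is not the project's own code: check both account tables before inserting, and back the check with a UNIQUE constraint. The table and column names (`agent`, `supplier`, `email`, `password_hash`), the in-memory SQLite database (needs the pdo_sqlite extension) and the sample addresses are assumptions, since the issue does not show the real schema.

```php
<?php
declare(strict_types=1);
// Hypothetical schema: the issue does not show the real tables or columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE agent (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');
$pdo->exec('CREATE TABLE supplier (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');

// True if either account table already holds this email.
function emailInUse(PDO $pdo, string $email): bool
{
    $sql = 'SELECT 1 FROM agent WHERE email = :e UNION ALL SELECT 1 FROM supplier WHERE email = :e2';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':e' => $email, ':e2' => $email]);
    return $stmt->fetchColumn() !== false;
}

// Registers an agent; returns false instead of inserting a duplicate.
function addAgent(PDO $pdo, string $email, string $password): bool
{
    $email = strtolower(trim($email)); // compare emails case-insensitively
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || emailInUse($pdo, $email)) {
        return false;
    }
    try {
        $stmt = $pdo->prepare('INSERT INTO agent (email, password_hash) VALUES (:e, :h)');
        $stmt->execute([':e' => $email, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
        return true;
    } catch (PDOException $ex) {
        // The UNIQUE constraint caught a concurrent registration of the same email.
        if ($ex->getCode() === '23000') {
            return false;
        }
        throw $ex;
    }
}

// Constructed sample data: an existing supplier, then three registration attempts.
$pdo->prepare('INSERT INTO supplier (email, password_hash) VALUES (?, ?)')
    ->execute(['sam@example.test', password_hash('supplier-pw', PASSWORD_DEFAULT)]);

var_dump(addAgent($pdo, 'Sam@Example.test', 'other-pw')); // email already used by a supplier
var_dump(addAgent($pdo, 'new@example.test', 'agent-pw'));  // fresh email
var_dump(addAgent($pdo, 'new@example.test', 'agent-pw2')); // second agent with the same email
```

The per-table UNIQUE constraint only stops duplicates within one table; the cross-table check in `emailInUse` is what prevents the same email from being both agent and supplier.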