Prevent non-administrators to change the password from other users
This commit is contained in:
parent
ce3d52736f
commit
a1bb333153
@ -13,8 +13,14 @@
|
||||
// ============================================================================
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
||||
// Prevent non-administrators to change other users
|
||||
$username = $_POST['username'];
|
||||
if ($login->role()!=='admin') {
|
||||
$username = $login->username();
|
||||
}
|
||||
|
||||
if (changeUserPassword(array(
|
||||
'username'=>$_POST['username'],
|
||||
'username'=>$username,
|
||||
'newPassword'=>$_POST['newPassword'],
|
||||
'confirmPassword'=>$_POST['confirmPassword']
|
||||
))) {
|
||||
|
Loading…
Reference in New Issue
Block a user