Prevent non-administrators to change the password from other users

Diego Najar 2019-05-28 20:49:29 +02:00
parent ce3d52736f
commit a1bb333153


@ -13,8 +13,14 @@
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Prevent non-administrators to change other users
$username = $_POST['username'];
if ($login->role()!=='admin') {
$username = $login->username();
}
if (changeUserPassword(array(
'username'=>$_POST['username'],
'username'=>$username,
'newPassword'=>$_POST['newPassword'],
'confirmPassword'=>$_POST['confirmPassword']
))) {
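Review bot: The role check at `if ($login->role()!=='admin')` silently rewrites the target to the logged-in user instead of rejecting the request, so a non-administrator who posts another account's name gets a normal success path that changes their own password and leaves no record of the attempt. I would refuse the request and log it when the names differ, for example `if ($login->role()!=='admin' && $_POST['username']!==$login->username()) { /* deny and log, do not call changeUserPassword */ }`. `$_POST['username']` is also read without an `isset()` check, so a request that omits the field raises a notice before the override runs. Whether the rest of this controller (for instance the code that loads the user for the form) applies the same role restriction cannot be seen from this hunk and is worth confirming. The `if (changeUserPassword(...))` block continues past the last visible line.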