r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Prevent non-administrators to change the password from other users

This commit is contained in:
Diego Najar 2019-05-28 20:49:29 +02:00
parent ce3d52736f
commit a1bb333153
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
bl-kernel/admin/controllers/user-password.php
View File

@ -13,8 +13,14 @@
// ============================================================================ // ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Prevent non-administrators to change other users
$username = $_POST['username'];
if ($login->role()!=='admin') {
$username = $login->username();
}
if (changeUserPassword(array( if (changeUserPassword(array(
'username'=>$_POST['username'], 'username'=>$username,
'newPassword'=>$_POST['newPassword'], 'newPassword'=>$_POST['newPassword'],
'confirmPassword'=>$_POST['confirmPassword'] 'confirmPassword'=>$_POST['confirmPassword']
))) { ))) {