Prevent non-administrators to change the password from other users

dignajar committed May 28, 2019
1 parent ce3d527 commit a1bb333153fa8ba29a88cfba423d810f509a2b37
Showing with 7 additions and 1 deletion.
  1. +7 −1 bl-kernel/admin/controllers/user-password.php
@@ -13,8 +13,14 @@
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Prevent non-administrators to change other users
$username = $_POST['username'];
if ($login->role()!=='admin') {
$username = $login->username();
}
if (changeUserPassword(array(
'username'=>$_POST['username'],
'username'=>$username,
'newPassword'=>$_POST['newPassword'],
'confirmPassword'=>$_POST['confirmPassword']
))) {
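Review bot: In the `if ($login->role()!=='admin')` branch, a posted `username` that differs from `$login->username()` is silently overwritten, so a tampered request still reaches `changeUserPassword()` and changes the requester's own password with no error returned and nothing logged. Consider rejecting the request for non-admins when `$_POST['username'] !== $login->username()` and logging the mismatch, so the attempt is visible to the user and to monitoring. `$_POST['username']` is also read without an `isset` check, and on the admin path it is passed through to `changeUserPassword()` unchanged, so it is worth confirming that the value is validated there.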
