Skip to content
Permalink
Browse files

Fix for bug 4371 (also SC#199):

Now manually created users with admin privileges and force change password
cannot change their username with impunity.
  • Loading branch information...
defacer
defacer committed Nov 26, 2005
1 parent d4ef3c5 commit 00d94a2001915dc7fbf53c9b7764672ab41c8935
Showing with 13 additions and 5 deletions.
  1. +13 −5 login/change_password.php
@@ -17,9 +17,8 @@
if (!$forcepassword) { // Don't redirect if they just got sent here
require_login($id);
}
if ($frm = data_submitted()) {
if ($frm = data_submitted()) {
validate_form($frm, $err);
check_for_restricted_user($frm->username);
@@ -147,9 +146,18 @@ function validate_form($frm, &$err) {
if (!isadmin() and empty($frm->password)){
$err->password = get_string('missingpassword');
} else {
//require non adminusers to give valid password
if (!isadmin() && !authenticate_user_login($frm->username, $frm->password)){
$err->password = get_string('wrongpassword');
if (!isadmin()) {
//require non adminusers to give valid password
if(!authenticate_user_login($frm->username, $frm->password)) {
$err->password = get_string('wrongpassword');
}
}
else {
// don't allow anyone to change the primary admin's password
$mainadmin = get_admin();
if($frm->username == $mainadmin->username) {
$err->password = get_string('adminprimarynoedit');
}
}
}
}

0 comments on commit 00d94a2

Please sign in to comment.
You can’t perform that action at this time.