Permalink
Browse files

Don't allow guest user to change or reset password

  • Loading branch information...
martin
martin committed Aug 5, 2002
1 parent 64eacd6 commit 0bb2c9f70cd9a8c7a2b2b79e75d8bc84b401fc59
Showing with 15 additions and 4 deletions.
  1. +11 −4 login/change_password.php
  2. +4 −0 login/forgot_password.php
View
@@ -13,15 +13,22 @@
if (!count((array)$err)) {
$username = $frm->username;
- $password = $frm->newpassword1;
+ $password = md5($frm->newpassword1);
+
+ $user = get_user_info_from_db("username", $username);
+
+ if (isguest($user->id)) {
+ error("Can't change guest password!");
+ }
- if (! set_field("user", "password", md5($frm->newpassword1), "username", $frm->username)) {
+ if (set_field("user", "password", $password, "username", $username)) {
+ $user->password = $password;
+ } else {
error("Could not set the new password");
}
unset($USER);
-
- $USER = get_user_info_from_db("username", $username);
+ $USER = $user;
$USER->loggedin = true;
set_moodle_cookie($USER->username);
@@ -16,6 +16,10 @@
error("No such user with this address: $frm->email");
}
+ if (isguest($user->id)) {
+ error("Can't change guest password!");
+ }
+
if (! reset_password_and_mail($user)) {
error("Could not reset password and mail the new one to you");
}

0 comments on commit 0bb2c9f

Please sign in to comment.