Permalink
Browse files

Merging from HEAD:

Fix for bug 4371 (also SC#199):

Now manually created users with admin privileges and force change password
cannot change their username with impunity.
  • Loading branch information...
1 parent 68e8fb7 commit 482bad4e8b861849e9697a1cafe8b7fedafeb5f7 defacer committed Nov 26, 2005
Showing with 13 additions and 5 deletions.
  1. +13 −5 login/change_password.php
View
@@ -14,9 +14,8 @@
if (empty($USER->preference['auth_forcepasswordchange'])) { // Don't redirect if they just got sent here
require_login($id);
}
-
- if ($frm = data_submitted()) {
+ if ($frm = data_submitted()) {
validate_form($frm, $err);
check_for_restricted_user($frm->username);
@@ -144,9 +143,18 @@ function validate_form($frm, &$err) {
if (!isadmin() and empty($frm->password)){
$err->password = get_string('missingpassword');
} else {
- //require non adminusers to give valid password
- if (!isadmin() && !authenticate_user_login($frm->username, $frm->password)){
- $err->password = get_string('wrongpassword');
+ if (!isadmin()) {
+ //require non adminusers to give valid password
+ if(!authenticate_user_login($frm->username, $frm->password)) {
+ $err->password = get_string('wrongpassword');
+ }
+ }
+ else {
+ // don't allow anyone to change the primary admin's password
+ $mainadmin = get_admin();
+ if($frm->username == $mainadmin->username) {
+ $err->password = get_string('adminprimarynoedit');
+ }
}
}
}

0 comments on commit 482bad4

Please sign in to comment.