Disable user management api functions if LDAP is used for authentication.

Jens Meißner 2017-11-25 14:52:28 +01:00
parent 89927b47f7
commit 3552da18dc
3 changed files with 12 additions and 0 deletions


@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
echo "Permission denied!";
exit();
}
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
echo "Permission denied!";
exit();
}
if(isset($input->action) && $input->action == "addUser") {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$db->beginTransaction();
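Review bot: The new guard `$_SESSION['id'] == 0` depends on an undocumented sentinel: judging from the commit title, id 0 seems to mark an LDAP-authenticated session, but nothing in the code says so, and the same four lines are repeated in the other two files of this commit. I would add a comment such as `// LDAP sessions carry id 0 and have no local account; local user management is disabled for them` and move the test into one shared helper so the three endpoints cannot drift apart. The loose comparison is also worth tightening: under PHP 8 a non-numeric string no longer equals 0 and would pass the guard, so `(int)$_SESSION['id'] === 0` fails closed more predictably. The enclosing script starts and continues outside the hunk, so how the id is set at login is not visible here.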


@ -22,6 +22,10 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
echo "Permission denied!";
exit();
}
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
echo "Permission denied!";
exit();
}
if(isset($input->action) && $input->action == "changePassword") {
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
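Review bot: The added denial in the changePassword endpoint answers with the same `Permission denied!` body as the CSRF failure above it and, as far as the hunk shows, with the default 200 status, so a client or a log reviewer cannot tell a rejected LDAP session from a forged request. Sending `http_response_code(403);` before the `echo` would make the refusal visible to API clients and to access-log monitoring; the same applies to the matching guards in the other two files. Whether a status is set earlier in the script is outside the hunk.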


@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
echo "Permission denied!";
exit();
}
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
echo "Permission denied!";
exit();
}
if(isset($input->action) && $input->action == "getUsers") {
$sql = "
SELECT id,name,type