update wrt new perms

author x2000habouzit <x2000habouzit>

Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)

committer x2000habouzit <x2000habouzit>

Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)
author x2000habouzit <x2000habouzit>
Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)
committer x2000habouzit <x2000habouzit>
Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)
diff --git a/htdocs/recovery.php b/htdocs/recovery.php

index 7aa9ad8..2288cb8 100644 (file)
--- a/htdocs/recovery.php
+++ b/htdocs/recovery.php
@@ -18,7 +18,7 @@
   *  Foundation, Inc.,                                                      *
   *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
   ***************************************************************************
-        $Id: recovery.php,v 1.6 2004-11-16 20:36:10 x2000habouzit Exp $
+        $Id: recovery.php,v 1.7 2004-11-18 14:46:24 x2000habouzit Exp $
   ***************************************************************************/
  
  require("auto.prepend.inc.php");
@@ -40,7 +40,7 @@ if (isset($_REQUEST['login']) and isset($_REQUEST['birth']))  {
      $sql="SELECT  user_id, naissance
             FROM  auth_user_md5 AS u
        INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type!='homonyme')
-           WHERE a.alias='$mailorg'";
+           WHERE a.alias='$mailorg' AND u.perms IN ('admin','user')";
      $result=$globals->db->query($sql);
      if (list($uid,$naissance)=mysql_fetch_array($result)) {
          if((strlen($naissance))<5) {
diff --git a/htdocs/tmpPWD.php b/htdocs/tmpPWD.php

index 71fd2c7..e08c64f 100644 (file)
--- a/htdocs/tmpPWD.php
+++ b/htdocs/tmpPWD.php
@@ -18,7 +18,7 @@
   *  Foundation, Inc.,                                                      *
   *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
   ***************************************************************************
-        $Id: tmpPWD.php,v 1.3 2004-11-13 14:16:16 x2000habouzit Exp $
+        $Id: tmpPWD.php,v 1.4 2004-11-18 14:46:24 x2000habouzit Exp $
   ***************************************************************************/
  
  require("auto.prepend.inc.php");
@@ -35,7 +35,7 @@ if ($ligne = mysql_fetch_array($result))  {
      if (!empty($_POST['response2']))  {             // la variable $response existe-t-elle ?
      // OUI, alors changeons le mot de passe
          $password = $_POST['response2'];
-        $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id=".$uid;
+        $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id='$uid' AND perms IN('admin','user')";
          $globals->db->query($sql);
          $logger = new DiogenesCoreLogger($uid);
          $logger->log("passwd","");
author	x2000habouzit <x2000habouzit>
	Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)
committer	x2000habouzit <x2000habouzit>
	Thu, 18 Nov 2004 14:46:24 +0000 (14:46 +0000)
htdocs/recovery.php		patch \| blob \| blame \| history
htdocs/tmpPWD.php		patch \| blob \| blame \| history