From: x2000habouzit Date: Thu, 18 Nov 2004 14:46:24 +0000 (+0000) Subject: update wrt new perms X-Git-Tag: xorg/old~891 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=af162d393de7dbef1a58902ab1a0be8a95211717;p=platal.git update wrt new perms --- diff --git a/htdocs/recovery.php b/htdocs/recovery.php index 7aa9ad8..2288cb8 100644 --- a/htdocs/recovery.php +++ b/htdocs/recovery.php @@ -18,7 +18,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: recovery.php,v 1.6 2004-11-16 20:36:10 x2000habouzit Exp $ + $Id: recovery.php,v 1.7 2004-11-18 14:46:24 x2000habouzit Exp $ ***************************************************************************/ require("auto.prepend.inc.php"); @@ -40,7 +40,7 @@ if (isset($_REQUEST['login']) and isset($_REQUEST['birth'])) { $sql="SELECT user_id, naissance FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (u.user_id=a.id AND type!='homonyme') - WHERE a.alias='$mailorg'"; + WHERE a.alias='$mailorg' AND u.perms IN ('admin','user')"; $result=$globals->db->query($sql); if (list($uid,$naissance)=mysql_fetch_array($result)) { if((strlen($naissance))<5) { diff --git a/htdocs/tmpPWD.php b/htdocs/tmpPWD.php index 71fd2c7..e08c64f 100644 --- a/htdocs/tmpPWD.php +++ b/htdocs/tmpPWD.php @@ -18,7 +18,7 @@ * Foundation, Inc., * * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * *************************************************************************** - $Id: tmpPWD.php,v 1.3 2004-11-13 14:16:16 x2000habouzit Exp $ + $Id: tmpPWD.php,v 1.4 2004-11-18 14:46:24 x2000habouzit Exp $ ***************************************************************************/ require("auto.prepend.inc.php"); @@ -35,7 +35,7 @@ if ($ligne = mysql_fetch_array($result)) { if (!empty($_POST['response2'])) { // la variable $response existe-t-elle ? // OUI, alors changeons le mot de passe $password = $_POST['response2']; - $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id=".$uid; + $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id='$uid' AND perms IN('admin','user')"; $globals->db->query($sql); $logger = new DiogenesCoreLogger($uid); $logger->log("passwd","");