diff options
author | plegall <plg@piwigo.org> | 2016-02-12 14:56:00 +0100 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2016-02-12 14:56:00 +0100 |
commit | 6290be46f2307e8b47937af153dcf2b66bba2e4e (patch) | |
tree | 8e7d9e167e090ffb36f1aa09d85c3596780e5109 /admin/user_list.php | |
parent | 718fe065f7cd342b8f5e3fb069aec63138d5b3e8 (diff) |
fixes #419, an admin can't change webmaster password
Diffstat (limited to '')
-rw-r--r-- | admin/user_list.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/admin/user_list.php b/admin/user_list.php index 183f771f7..6a7a0a2e8 100644 --- a/admin/user_list.php +++ b/admin/user_list.php @@ -100,6 +100,8 @@ $protected_users = array( $conf['webmaster_id'], ); +$password_protected_users = array($conf['guest_id']); + // an admin can't delete other admin/webmaster if ('admin' == $user['status']) { @@ -109,7 +111,12 @@ SELECT FROM '.USER_INFOS_TABLE.' WHERE status IN (\'webmaster\', \'admin\') ;'; - $protected_users = array_merge($protected_users, query2array($query, null, 'user_id')); + $admin_ids = query2array($query, null, 'user_id'); + + $protected_users = array_merge($protected_users, $admin_ids); + + // we add all admin+webmaster users BUT the user herself + $password_protected_users = array_merge($password_protected_users, array_diff($admin_ids, array($user['id']))); } $template->assign( @@ -123,6 +130,7 @@ $template->assign( 'language_selected' => get_default_language(), 'association_options' => $groups, 'protected_users' => implode(',', array_unique($protected_users)), + 'password_protected_users' => implode(',', array_unique($password_protected_users)), 'guest_user' => $conf['guest_id'], ) ); @@ -135,7 +143,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status) $pref_status_options = $label_of_status; -// a simple "admin" can set/remove statuses webmaster/admin +// a simple "admin" can't set/remove statuses webmaster/admin if ('admin' == $user['status']) { unset($pref_status_options['webmaster']); |