aboutsummaryrefslogtreecommitdiffstats
path: root/admin/user_list.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2016-02-12 14:56:00 +0100
committerplegall <plg@piwigo.org>2016-02-12 14:56:00 +0100
commit6290be46f2307e8b47937af153dcf2b66bba2e4e (patch)
tree8e7d9e167e090ffb36f1aa09d85c3596780e5109 /admin/user_list.php
parent718fe065f7cd342b8f5e3fb069aec63138d5b3e8 (diff)
fixes #419, an admin can't change webmaster password
Diffstat (limited to '')
-rw-r--r--admin/user_list.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/admin/user_list.php b/admin/user_list.php
index 183f771f7..6a7a0a2e8 100644
--- a/admin/user_list.php
+++ b/admin/user_list.php
@@ -100,6 +100,8 @@ $protected_users = array(
$conf['webmaster_id'],
);
+$password_protected_users = array($conf['guest_id']);
+
// an admin can't delete other admin/webmaster
if ('admin' == $user['status'])
{
@@ -109,7 +111,12 @@ SELECT
FROM '.USER_INFOS_TABLE.'
WHERE status IN (\'webmaster\', \'admin\')
;';
- $protected_users = array_merge($protected_users, query2array($query, null, 'user_id'));
+ $admin_ids = query2array($query, null, 'user_id');
+
+ $protected_users = array_merge($protected_users, $admin_ids);
+
+ // we add all admin+webmaster users BUT the user herself
+ $password_protected_users = array_merge($password_protected_users, array_diff($admin_ids, array($user['id'])));
}
$template->assign(
@@ -123,6 +130,7 @@ $template->assign(
'language_selected' => get_default_language(),
'association_options' => $groups,
'protected_users' => implode(',', array_unique($protected_users)),
+ 'password_protected_users' => implode(',', array_unique($password_protected_users)),
'guest_user' => $conf['guest_id'],
)
);
@@ -135,7 +143,7 @@ foreach (get_enums(USER_INFOS_TABLE, 'status') as $status)
$pref_status_options = $label_of_status;
-// a simple "admin" can set/remove statuses webmaster/admin
+// a simple "admin" can't set/remove statuses webmaster/admin
if ('admin' == $user['status'])
{
unset($pref_status_options['webmaster']);