prevent admin hijacks
This commit is contained in:
parent
45c1559b38
commit
bb0c24bd4f
|
@ -127,7 +127,7 @@ function notifications_content(&$a) {
|
||||||
notice( t('No notifications.') . EOL);
|
notice( t('No notifications.') . EOL);
|
||||||
|
|
||||||
if ($a->config['register_policy'] = REGISTER_APPROVE &&
|
if ($a->config['register_policy'] = REGISTER_APPROVE &&
|
||||||
$a->config['admin_email'] = $a->user['email']){
|
$a->config['admin_email'] === $a->user['email']){
|
||||||
$o .= load_view_file('view/registrations-top.tpl');
|
$o .= load_view_file('view/registrations-top.tpl');
|
||||||
|
|
||||||
$r = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
|
$r = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
|
||||||
|
|
|
@ -12,6 +12,11 @@ function regmod_content(&$a) {
|
||||||
return $o;
|
return $o;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if((! (x($a->config,'admin_email'))) || ($a->config['admin_email'] !== $a->user['email'])) {
|
||||||
|
notice( t('Permission denied.') . EOL);
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
|
||||||
if($a->argc != 3)
|
if($a->argc != 3)
|
||||||
killme();
|
killme();
|
||||||
|
|
||||||
|
|
|
@ -95,6 +95,10 @@ function settings_post(&$a) {
|
||||||
$email_changed = true;
|
$email_changed = true;
|
||||||
if(! valid_email($email))
|
if(! valid_email($email))
|
||||||
$err .= t(' Not valid email.');
|
$err .= t(' Not valid email.');
|
||||||
|
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
|
||||||
|
$err .= t(' Cannot change to that email.');
|
||||||
|
$email = $a->user['email'];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(strlen($err)) {
|
if(strlen($err)) {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user