security fix. user verification improvement

Serghey Rodin 2014-04-11 04:41:48 +03:00
commit 9f93912546


@ -156,13 +156,12 @@ if ($_SESSION['user'] == 'admin') {
} }
// Check user // Check user
$v_username = escapeshellarg($_GET['user']); $v_username = $user;
exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var); exec (VESTA_CMD."v-list-user ".$v_username." json", $output, $return_var);
check_return_code($return_var,$output); check_return_code($return_var,$output);
if (empty($_SESSION['error_msg'])) { if (empty($_SESSION['error_msg'])) {
$data = json_decode(implode('', $output), true); $data = json_decode(implode('', $output), true);
unset($output); unset($output);
$v_username = $_GET['user'];
$v_password = "••••••••"; $v_password = "••••••••";
$v_email = $data[$v_username]['CONTACT']; $v_email = $data[$v_username]['CONTACT'];
$v_fname = $data[$v_username]['FNAME']; $v_fname = $data[$v_username]['FNAME'];
@ -191,8 +190,6 @@ if ($_SESSION['user'] == 'admin') {
// Action // Action
if (!empty($_POST['save'])) { if (!empty($_POST['save'])) {
$v_username = escapeshellarg($_POST['v_username']);
// Change password // Change password
if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) { if (($v_password != $_POST['v_password']) && (empty($_SESSION['error_msg']))) {
$v_password = escapeshellarg($_POST['v_password']); $v_password = escapeshellarg($_POST['v_password']);
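Review bot: In the first hunk the new `$v_username = $user;` serves both as the shell argument to `v-list-user` and as the key in `$data[$v_username]`, and those two uses need different forms of the value. If `$user` (assigned outside this hunk) is raw, the `exec` line concatenates an unescaped value into a shell command; if it has already been through `escapeshellarg`, the quoted string will presumably not match the key in the decoded JSON, which is what the removed `$v_username = $_GET['user'];` reset compensated for. Escaping at the point of use keeps both correct: `exec (VESTA_CMD."v-list-user ".escapeshellarg($user)." json", $output, $return_var);`. The second hunk drops the `$_POST['v_username']` override, so any later command in the save block that concatenates `$v_username` raises the same question. The surrounding code starts and ends outside both hunks, so the origin of `$user` should be confirmed there.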