Disable user management api functions if LDAP is used for authentication.
This commit is contained in:
parent
89927b47f7
commit
3552da18dc
|
@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
|
||||||
echo "Permission denied!";
|
echo "Permission denied!";
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||||
|
echo "Permission denied!";
|
||||||
|
exit();
|
||||||
|
}
|
||||||
if(isset($input->action) && $input->action == "addUser") {
|
if(isset($input->action) && $input->action == "addUser") {
|
||||||
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
||||||
$db->beginTransaction();
|
$db->beginTransaction();
|
||||||
|
|
|
@ -22,6 +22,10 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
|
||||||
echo "Permission denied!";
|
echo "Permission denied!";
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||||
|
echo "Permission denied!";
|
||||||
|
exit();
|
||||||
|
}
|
||||||
if(isset($input->action) && $input->action == "changePassword") {
|
if(isset($input->action) && $input->action == "changePassword") {
|
||||||
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
||||||
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
|
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
|
||||||
|
|
|
@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
|
||||||
echo "Permission denied!";
|
echo "Permission denied!";
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||||
|
echo "Permission denied!";
|
||||||
|
exit();
|
||||||
|
}
|
||||||
if(isset($input->action) && $input->action == "getUsers") {
|
if(isset($input->action) && $input->action == "getUsers") {
|
||||||
$sql = "
|
$sql = "
|
||||||
SELECT id,name,type
|
SELECT id,name,type
|
||||||
|
|
Loading…
Reference in a new issue