Disable user management api functions if LDAP is used for authentication.
This commit is contained in:
parent
89927b47f7
commit
3552da18dc
|
@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
|
|||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(isset($input->action) && $input->action == "addUser") {
|
||||
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
||||
$db->beginTransaction();
|
||||
|
|
|
@ -22,6 +22,10 @@ if(!isset($input->csrfToken) || $input->csrfToken !== $_SESSION['csrfToken']) {
|
|||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(isset($input->action) && $input->action == "changePassword") {
|
||||
$passwordHash = password_hash($input->password, PASSWORD_DEFAULT);
|
||||
$stmt = $db->prepare("UPDATE users SET password=:password WHERE id=:id");
|
||||
|
|
|
@ -26,6 +26,10 @@ if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") {
|
|||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(!isset($_SESSION['id']) || $_SESSION['id'] == 0) {
|
||||
echo "Permission denied!";
|
||||
exit();
|
||||
}
|
||||
if(isset($input->action) && $input->action == "getUsers") {
|
||||
$sql = "
|
||||
SELECT id,name,type
|
||||
|
|
Loading…
Reference in a new issue