amorfo77/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2026-05-30 23:45:24 +00:00
Code Issues Projects Releases Wiki Activity

[Web] Add password change acl

Browse Source
This commit is contained in:
FreddleSpl0it
2026-05-06 11:01:15 +02:00
parent 886dbcc419
commit 32014dfcec
9 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/web/inc/functions.inc.php
+8
View File
@@ -1035,6 +1035,14 @@ function edit_user_account($_data) {
// edit password
$is_forced_pw_update = !empty($_SESSION['pending_pw_update']);
if (((!empty($password_old) || $is_forced_pw_update) && !empty($_data['user_new_pass']) && !empty($_data['user_new_pass2']))) {
if (!$is_forced_pw_update && (!isset($_SESSION['acl']['pw_change']) || $_SESSION['acl']['pw_change'] != "1")) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_data_log),
'msg' => 'access_denied'
);
return false;
}
// Only verify old password if this is NOT a forced password update
if (!$is_forced_pw_update) {
$stmt = $pdo->prepare("SELECT `password` FROM `mailbox`