security checks to prevent unwanted changes

daeks
2013-04-05 16:08:51 +02:00
parent 0255aa5171
commit 5ce3f00a11
5 changed files with 43 additions and 23 deletions


@@ -48,9 +48,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='create'){
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
if(checkAccess()) {
$User->username = User::CleanUsername( $_POST['username'] );
$User->password = $_POST['password'];
$User->Create();
}
}
//////////////////////////////////////////////////////////////////
@@ -58,8 +60,10 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='delete'){
$User->username = $_GET['username'];
$User->Delete();
if(checkAccess()) {
$User->username = $_GET['username'];
$User->Delete();
}
}
//////////////////////////////////////////////////////////////////
@@ -67,9 +71,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='project_access'){
$User->username = $_GET['username'];
$User->projects = $_POST['projects'];
$User->Project_Access();
if(checkAccess()) {
$User->username = $_GET['username'];
$User->projects = $_POST['projects'];
$User->Project_Access();
}
}
//////////////////////////////////////////////////////////////////
@@ -77,9 +83,11 @@
//////////////////////////////////////////////////////////////////
if($_GET['action']=='password'){
$User->username = $_POST['username'];
$User->password = $_POST['password'];
$User->Password();
if(checkAccess() || $_POST['username'] == $_SESSION['user']) {
$User->username = $_POST['username'];
$User->password = $_POST['password'];
$User->Password();
}
}
//////////////////////////////////////////////////////////////////
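Review bot: In the `password` hunk the self-service branch compares `$_POST['username'] == $_SESSION['user']` loosely and never checks that a session exists, so a request with no session and a missing or empty `username` satisfies it (`null == null`, `'' == null`) unless a login check outside the hunk already rejects it. Tighten the condition to `if(checkAccess() || (isset($_SESSION['user']) && $_POST['username'] === $_SESSION['user'])) {`. All four guarded branches also fall through silently when access is denied; an explicit error response plus a log entry would make rejected attempts visible to the client and to an auditor. The actions are still selected by `$_GET['action']`, and `delete` takes its target from `$_GET['username']`, so it is worth confirming that `checkAccess()` (not visible here) or the surrounding code enforces a CSRF token on these state-changing requests.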