[Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin re
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin recheck the password |
Date: |
Sun, 5 Feb 2023 04:41:39 -0500 (EST) |
sparkyx pushed a commit to branch devel
in repository noalyss.
commit e29412c2baab988111a5714ae53557e41a37fa3a
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sat Jan 14 14:07:06 2023 +0100
Improve security : function isAdmin recheck the password
---
html/user_login.php | 4 ++--
include/ajax/ajax_admin.php | 2 +-
include/class/noalyss_user.class.php | 10 +++++-----
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/html/user_login.php b/html/user_login.php
index e4477ff43..126a4ebec 100644
--- a/html/user_login.php
+++ b/html/user_login.php
@@ -98,7 +98,7 @@ if ( $version < DBVERSIONREPO )
echo '<a hreF="'.$base.'">'.$a.'</a></h2>';
}
-if ( $User->Admin() == 1)
+if ( $User->isAdmin() == 1)
{
if (SITE_UPDATE !="") {
$update=@file_get_contents(SITE_UPDATE);
@@ -137,7 +137,7 @@ load_all_script();
$result="";
$result.="<table border=\"0\">";
$result.='<TR>';
-if ( $User->Admin() == 1 )
+if ( $User->isAdmin() == 1 )
{
$result.="<TD class=\"tool\" ><A class=\"cell\"
HREF=\"admin-noalyss.php\">"._("Administration")." </A></TD>";
}
diff --git a/include/ajax/ajax_admin.php b/include/ajax/ajax_admin.php
index 5715b3c29..b49d96053 100644
--- a/include/ajax/ajax_admin.php
+++ b/include/ajax/ajax_admin.php
@@ -28,7 +28,7 @@ if (!defined('ALLOWED'))
* @see admin-noalyss.php ajax_misc.php admin.js
*/
global $g_user;
-if ($g_user->Admin()==0)
+if ($g_user->isAdmin()==0)
{
die();
}
diff --git a/include/class/noalyss_user.class.php
b/include/class/noalyss_user.class.php
index f7bce1716..0394287d0 100644
--- a/include/class/noalyss_user.class.php
+++ b/include/class/noalyss_user.class.php
@@ -657,25 +657,25 @@ class Noalyss_User
* synomym for isAdmin,
* @deprecated
*/
- function Admin()
+ function Admin():int
{
return $this->isAdmin();
}
/**
- * @brief Check if an user is an admin
+ * @brief Check if an user is an admin and check also his password
*
* @return 1 for yes 0 for no
*/
- function isAdmin()
+ function isAdmin():int
{
$this->admin=0;
$pass5=$this->password;
$sql="select count(*) from ac_users where use_login=$1
- and use_active=1 and use_admin=1 ";
+ and use_active=1 and use_admin=1 and use_pass=$2 ";
$cn=new Database();
- $this->admin=$cn->get_value($sql, array($this->login));
+ $this->admin=$cn->get_value($sql, array($this->login,$pass5));
return $this->admin;
}
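Review bot: The new predicate `use_pass=$2` in isAdmin() can only match if `$this->password` holds exactly the value stored in `ac_users.use_pass`, so the stored value acts as a password-equivalent carried on the user object (where it is loaded from is outside this hunk). The docblock should state that contract, for example `@note $this->password must hold the stored use_pass value; any mismatch returns 0`, because a later switch to salted hashes checked with `password_verify()` cannot be written as an SQL equality and would make every admin check return 0. Separately, with the added `:int` return type a null or non-numeric result from `get_value()` (its behaviour on a failed query is not visible here) raises a TypeError rather than returning 0; `$this->admin=(int)$cn->get_value($sql, array($this->login,$pass5));` keeps the callers' `== 0` / `== 1` tests meaningful. The `@return 1 for yes 0 for no` line would also read better as `@return int 1 if active admin with matching password, else 0`. The class body starts and ends outside the hunk.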