mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-06 08:47:45 +02:00
Code Issues Releases Wiki Activity

Do not allow password reminders if u_passchg permission is not given. (Bug #14806)

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8977 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2008-10-06 14:04:33 +00:00
parent b4d2641a59
commit d8bb304210
3 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/includes/ucp/ucp_remind.php
View File

@@ -36,7 +36,7 @@ class ucp_remind
if ($submit)
{
$sql = 'SELECT user_id, username, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
$sql = 'SELECT user_id, username, user_permissions, user_email, user_jabber, user_notify_type, user_type, user_lang, user_inactive_reason
FROM ' . USERS_TABLE . "
WHERE user_email = '" . $db->sql_escape($email) . "'
AND username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
@@ -66,6 +66,15 @@ class ucp_remind
}
}
// Check users permissions
$auth2 = new auth();
$auth2->acl($user_row);
if (!$auth2->acl_get('u_chgpasswd'))
{
trigger_error('NO_AUTH_PASSWORD_REMINDER');
}
$server_url = generate_board_url();
$key_len = 54 - strlen($server_url);