
prevent admin hijacks

pull/1/head
Friendika 11 years ago
parent
commit
bb0c24bd4f
3 changed files with 10 additions and 1 deletions
  1. +1
    -1
      mod/notifications.php
  2. +5
    -0
      mod/regmod.php
  3. +4
    -0
      mod/settings.php

+ 1
- 1
mod/notifications.php View File

@ -127,7 +127,7 @@ function notifications_content(&$a) {
notice( t('No notifications.') . EOL);
if ($a->config['register_policy'] = REGISTER_APPROVE &&
$a->config['admin_email'] = $a->user['email']){
$a->config['admin_email'] === $a->user['email']){
$o .= load_view_file('view/registrations-top.tpl');
$r = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
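Review bot: The first test in this condition is still an assignment: `$a->config['register_policy'] = REGISTER_APPROVE &&` uses `=`, and because `&&` binds tighter than `=` in PHP, the result of the whole `REGISTER_APPROVE && …` expression is written into `register_policy`. The configured policy is therefore overwritten with a boolean for the rest of the request, and the branch is decided by the e-mail match alone (assuming REGISTER_APPROVE is non-zero, which is not visible here). Change the line to `if ($a->config['register_policy'] == REGISTER_APPROVE &&`. The `admin_email` key is also read without the `x($a->config,'admin_email')` guard that mod/regmod.php uses in this same commit; adding it would keep an unset admin address from comparing equal to an empty user record, if this code can run without a logged-in user. notifications_content() starts and ends outside the hunk.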


+ 5
- 0
mod/regmod.php View File

@ -12,6 +12,11 @@ function regmod_content(&$a) {
return $o;
}
if((! (x($a->config,'admin_email'))) || ($a->config['admin_email'] !== $a->user['email'])) {
notice( t('Permission denied.') . EOL);
return '';
}
if($a->argc != 3)
killme();
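Review bot: The admin test on the `if((! (x($a->config,'admin_email'))) || …` line applies the same rule as mod/notifications.php but is written differently (here with the `x()` guard and `!==`, there without the guard), and nothing documents why an e-mail match grants approval rights. A one-line comment such as `// Only the account whose e-mail equals config admin_email may approve or deny registrations.` would record the trust decision. Moving the comparison into one shared helper would keep the two call sites from drifting apart. The match here is exact while mod/settings.php blocks the address case-insensitively; that asymmetry fails closed, but it is worth stating in the comment. regmod_content() begins and ends outside the hunk.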


+ 4
- 0
mod/settings.php View File

@ -95,6 +95,10 @@ function settings_post(&$a) {
$email_changed = true;
if(! valid_email($email))
$err .= t(' Not valid email.');
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
$err .= t(' Cannot change to that email.');
$email = $a->user['email'];
}
}
if(strlen($err)) {
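Review bot: When the requested address matches the admin address, `$email` is reset to the current value but `$email_changed` stays `true` from a few lines above, so any later code keyed on that flag would still treat the address as changed; adding `$email_changed = false;` inside the new block avoids that. What settings_post() does after `if(strlen($err))` is outside the hunk, so confirm whether it returns before the flag is used. This guard covers only the settings form; any other path that stores a user e-mail (none is visible in this commit) needs the same rule, which is another reason to centralise the check.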

