diff options
Diffstat (limited to 'settings/ajax/changepassword.php')
-rw-r--r-- | settings/ajax/changepassword.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index e7e67115dda..c5cdbcef056 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -6,15 +6,15 @@ require_once('../../lib/base.php'); // We send json data header( "Content-Type: application/jsonrequest" ); +$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); +$password = $_POST["password"]; + // Check if we are a user -if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){ +if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' )&& $username!=OC_User::getUser())) { echo json_encode( array( "status" => "error", "data" => array( "message" => "Authentication error" ))); exit(); } -$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); -$password = $_POST["password"]; - // Return Success story if( OC_User::setPassword( $username, $password )){ echo json_encode( array( "status" => "success", "data" => array( "username" => $username ))); |