diff options
Diffstat (limited to 'settings/ajax')
-rw-r--r-- | settings/ajax/changepassword.php | 9 | ||||
-rw-r--r-- | settings/ajax/creategroup.php | 9 | ||||
-rw-r--r-- | settings/ajax/createuser.php | 8 |
3 files changed, 7 insertions, 19 deletions
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php index b3ebbe6e456..5eab751b04e 100644 --- a/settings/ajax/changepassword.php +++ b/settings/ajax/changepassword.php @@ -3,14 +3,15 @@ // Init owncloud require_once '../../lib/base.php'; +// Check if we are a user +OCP\JSON::callCheck(); +OC_JSON::checkLoggedIn(); +OC_JSON::verifyUser(); + $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser(); $password = $_POST["password"]; $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:''; -// Check if we are a user -OC_JSON::checkLoggedIn(); -OCP\JSON::callCheck(); - $userstatus = null; if(OC_Group::inGroup(OC_User::getUser(), 'admin')) { $userstatus = 'admin'; diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php index 83733ac4d2d..431b449a811 100644 --- a/settings/ajax/creategroup.php +++ b/settings/ajax/creategroup.php @@ -3,14 +3,7 @@ // Init owncloud require_once '../../lib/base.php'; OCP\JSON::callCheck(); - -// Check if we are a user -if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { - OC_JSON::error(array("data" => array( "message" => $l->t("Authentication error") ))); - exit(); -} - -OCP\JSON::callCheck(); +OC_JSON::checkAdminUser(); $groupname = $_POST["groupname"]; diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php index bdf7e4983ac..b3e5c23de54 100644 --- a/settings/ajax/createuser.php +++ b/settings/ajax/createuser.php @@ -3,13 +3,7 @@ // Init owncloud require_once '../../lib/base.php'; OCP\JSON::callCheck(); - -// Check if we are a user -if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && !OC_SubAdmin::isSubAdmin(OC_User::getUser()))) { - OC_JSON::error(array("data" => array( "message" => "Authentication error" ))); - exit(); -} -OCP\JSON::callCheck(); +OC_JSON::checkSubAdminUser(); $isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false; |