summaryrefslogtreecommitdiffstats
path: root/settings/ajax
diff options
context:
space:
mode:
Diffstat (limited to 'settings/ajax')
-rw-r--r--settings/ajax/changepassword.php9
-rw-r--r--settings/ajax/creategroup.php9
-rw-r--r--settings/ajax/createuser.php8
3 files changed, 7 insertions, 19 deletions
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index b3ebbe6e456..5eab751b04e 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -3,14 +3,15 @@
// Init owncloud
require_once '../../lib/base.php';
+// Check if we are a user
+OCP\JSON::callCheck();
+OC_JSON::checkLoggedIn();
+OC_JSON::verifyUser();
+
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$password = $_POST["password"];
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
-// Check if we are a user
-OC_JSON::checkLoggedIn();
-OCP\JSON::callCheck();
-
$userstatus = null;
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
$userstatus = 'admin';
diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php
index 83733ac4d2d..431b449a811 100644
--- a/settings/ajax/creategroup.php
+++ b/settings/ajax/creategroup.php
@@ -3,14 +3,7 @@
// Init owncloud
require_once '../../lib/base.php';
OCP\JSON::callCheck();
-
-// Check if we are a user
-if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
- OC_JSON::error(array("data" => array( "message" => $l->t("Authentication error") )));
- exit();
-}
-
-OCP\JSON::callCheck();
+OC_JSON::checkAdminUser();
$groupname = $_POST["groupname"];
diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php
index bdf7e4983ac..b3e5c23de54 100644
--- a/settings/ajax/createuser.php
+++ b/settings/ajax/createuser.php
@@ -3,13 +3,7 @@
// Init owncloud
require_once '../../lib/base.php';
OCP\JSON::callCheck();
-
-// Check if we are a user
-if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && !OC_SubAdmin::isSubAdmin(OC_User::getUser()))) {
- OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
- exit();
-}
-OCP\JSON::callCheck();
+OC_JSON::checkSubAdminUser();
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false;