ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'fix_user_self_edit_2841' of https://github.com/connortechnology/ZoneMinder into connortechnology-fix_user_self_edit_2841

pull/2851/head
Isaac Connor 2020-02-19 16:57:35 -05:00
parent ea2eba4110 1a87eb40bd
commit 5aaf58fe27
1 changed files with 20 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
web/includes/actions/user.php
View File

@ -45,8 +45,16 @@ if ( $action == 'user' ) {
if ( !empty($_REQUEST['uid']) ) { if ( !empty($_REQUEST['uid']) ) {
dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id = ?', array($_REQUEST['uid'])); dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id = ?', array($_REQUEST['uid']));
# If we are updating the logged in user, then update our session user data. # If we are updating the logged in user, then update our session user data.
if ( $user and ( $dbUser['Username'] == $user['Username'] ) ) if ( $user and ( $dbUser['Username'] == $user['Username'] ) ) {
generateAuthHash(ZM_AUTH_HASH_IPS); # We are the logged in user, need to update the $user object and generate a new auth_hash
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Id=?';
$user = dbFetchOne($sql, NULL, array($_REQUEST['uid']));
# Have to update auth hash in session
zm_session_start();
generateAuthHash(ZM_AUTH_HASH_IPS, true);
session_write_close();
}
} else { } else {
dbQuery('INSERT INTO Users SET '.implode(', ', $changes)); dbQuery('INSERT INTO Users SET '.implode(', ', $changes));
} }
@ -61,8 +69,8 @@ if ( $action == 'user' ) {
$types = array(); $types = array();
$changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types); $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);
if (function_exists ('password_hash')) { if ( function_exists('password_hash') ) {
$pass_hash = '"'.password_hash($pass, PASSWORD_BCRYPT).'"'; $pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"';
} else { } else {
$pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') '; $pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') ';
ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3'); ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3');
@ -75,8 +83,15 @@ if ( $action == 'user' ) {
} }
if ( count($changes) ) { if ( count($changes) ) {
dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id=?', array($uid)); dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id=?', array($uid));
# We are the logged in user, need to update the $user object and generate a new auth_hash
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Id=?';
$user = dbFetchOne($sql, NULL, array($uid));
zm_session_start();
generateAuthHash(ZM_AUTH_HASH_IPS, true);
session_write_close();
$refreshParent = true; $refreshParent = true;
generateAuthHash(ZM_AUTH_HASH_IPS);
} }
$view = 'none'; $view = 'none';
} }