[Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin re

noalyss-commit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin re

From:	Dany De Bontridder
Subject:	[Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin recheck the password
Date:	Sun, 5 Feb 2023 04:41:39 -0500 (EST)

sparkyx pushed a commit to branch devel
in repository noalyss.

commit e29412c2baab988111a5714ae53557e41a37fa3a
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Sat Jan 14 14:07:06 2023 +0100

    Improve security : function isAdmin recheck the password
---
 html/user_login.php                  |  4 ++--
 include/ajax/ajax_admin.php          |  2 +-
 include/class/noalyss_user.class.php | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/html/user_login.php b/html/user_login.php
index e4477ff43..126a4ebec 100644
--- a/html/user_login.php
+++ b/html/user_login.php
@@ -98,7 +98,7 @@ if ( $version < DBVERSIONREPO )
     echo '<a hreF="'.$base.'">'.$a.'</a></h2>';
 
 }
-if ( $User->Admin()  == 1)
+if ( $User->isAdmin()  == 1)
 {
     if (SITE_UPDATE !="") {
      $update=@file_get_contents(SITE_UPDATE);
@@ -137,7 +137,7 @@ load_all_script();
 $result="";
 $result.="<table border=\"0\">";
 $result.='<TR>';
-if ( $User->Admin()  == 1 )
+if ( $User->isAdmin()  == 1 )
 {
     $result.="<TD  class=\"tool\" ><A class=\"cell\" 
HREF=\"admin-noalyss.php\">"._("Administration")."  </A></TD>";
 }
diff --git a/include/ajax/ajax_admin.php b/include/ajax/ajax_admin.php
index 5715b3c29..b49d96053 100644
--- a/include/ajax/ajax_admin.php
+++ b/include/ajax/ajax_admin.php
@@ -28,7 +28,7 @@ if (!defined('ALLOWED'))
  * @see admin-noalyss.php ajax_misc.php admin.js
  */
 global $g_user;
-if ($g_user->Admin()==0)
+if ($g_user->isAdmin()==0)
 {
     die();
 }
diff --git a/include/class/noalyss_user.class.php 
b/include/class/noalyss_user.class.php
index f7bce1716..0394287d0 100644
--- a/include/class/noalyss_user.class.php
+++ b/include/class/noalyss_user.class.php
@@ -657,25 +657,25 @@ class Noalyss_User
      * synomym for isAdmin,
      * @deprecated
      */
-    function Admin()
+    function Admin():int
     {
         return $this->isAdmin();
     }
 
     /**
-     * @brief  Check if an user is an admin
+     * @brief  Check if an user is an admin and check also his password
      *
      * @return 1 for yes 0 for no
      */
-    function isAdmin()
+    function isAdmin():int
     {
         $this->admin=0;
         $pass5=$this->password;
         $sql="select count(*) from ac_users where use_login=$1
-             and use_active=1 and use_admin=1 ";
+             and use_active=1 and use_admin=1 and use_pass=$2 ";
 
         $cn=new Database();
-        $this->admin=$cn->get_value($sql, array($this->login));
+        $this->admin=$cn->get_value($sql, array($this->login,$pass5));
         return $this->admin;
     }

[Prev in Thread]

Current Thread

[Next in Thread]

[Noalyss-commit] [noalyss] 03/34: Bug : default accounting override existing one, (continued)
- [Noalyss-commit] [noalyss] 03/34: Bug : default accounting override existing one, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 10/34: Bug : default accounting override existing one, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 13/34: Improve security : function isAdmin recheck the password, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 17/34: Fix : if there is no stock there is an exception instead of a warning, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 15/34: Fix : the select range select also the hidden element, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 05/34: Fix : generate_random_string returns always same value , due to a change in srand(), Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 21/34: Cosmetic : improve CSS for enrich text, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 26/34: Task #0002219: Compatibilit PHP 8.2, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 28/34: Task #0002209: CG – Dans le menu d'actions sur une opération, remplacer «Effacer» par «Supprimer», Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 09/34: Bug : default accounting override existing one, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 06/34: Improve security : function isAdmin recheck the password, Dany De Bontridder <=
- [Noalyss-commit] [noalyss] 08/34: Fix : the select range select also the hidden element, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 02/34: Fix bug : return void, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 16/34: Documentation, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 14/34: Improve security : replace $_POST by Http_Input, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 24/34: Bug #0002231: "Payée par" - date non prise en compte, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 29/34: Bug #0002219: Compatibilité PHP 8.2 , 8.1 , 8.0, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 31/34: Merge branch 'master' into devel, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 32/34: Cosmetic #0002204: CA : balance croisée double - affichage brouillon, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 18/34: Cosmetic : improve CSS for enrich text, Dany De Bontridder, 2023/02/05
- [Noalyss-commit] [noalyss] 25/34: Merge branch 'devel', Dany De Bontridder, 2023/02/05

Prev by Date: [Noalyss-commit] [noalyss] 09/34: Bug : default accounting override existing one
Next by Date: [Noalyss-commit] [noalyss] 08/34: Fix : the select range select also the hidden element
Previous by thread: [Noalyss-commit] [noalyss] 09/34: Bug : default accounting override existing one
Next by thread: [Noalyss-commit] [noalyss] 08/34: Fix : the select range select also the hidden element
Index(es):
- Date
- Thread