author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-07-26 07:43:18 +0000 |
---|---|---|
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-07-26 07:43:18 +0000 |
commit | 392354df0a4f2c21aabad2f1b527448251a60f99 (patch) | |
tree | ab34820cef4990e4139326ccd2e507c5731d216c /preferences.php | |
parent | 975af37b254ebc74533f1562005dccf75ef0f021 (diff) | |
download | ampache-392354df0a4f2c21aabad2f1b527448251a60f99.tar.gz ampache-392354df0a4f2c21aabad2f1b527448251a60f99.tar.bz2 ampache-392354df0a4f2c21aabad2f1b527448251a60f99.zip |
switched to sha() password encryption (not using sha2 because of limitations of amarok); also added some caching and fixed some misc bugs
Diffstat (limited to 'preferences.php')
-rw-r--r-- | preferences.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/preferences.php b/preferences.php
index 1962210e..9c28ed96 100644
--- a/preferences.php
+++ b/preferences.php
@@ -28,6 +28,11 @@ switch($_REQUEST['action']) {
 access_denied();
 exit;
 }
+
+ if (!Core::form_verify('update_preferences','post')) {
+ access_denied();
+ exit;
+ }
 /* Reset the Theme */
 if ($_REQUEST['method'] == 'admin') {
@@ -53,6 +58,11 @@ switch($_REQUEST['action']) {
 exit;
 }
+ if (!Core::form_verify('update_preferences','post')) {
+ access_denied();
+ exit;
+ }
+
 update_preferences($_REQUEST['user_id']);
 header("Location: " . Config::get('web_path') . "/admin/users.php?action=show_preferences&user_id=" . scrub_out($_REQUEST['user_id']));
 break;
@@ -76,10 +86,16 @@ switch($_REQUEST['action']) {
 break;
 case 'update_user':
 // Make sure we're a user and they came from the form
- if (!Access::check('interface','25') || $_POST['form_string'] != $_SESSION['forms']['account'] || !strlen($_SESSION['forms']['account'])) {
+ if (!Access::check('interface','25')) {
 access_denied();
 exit;
 }
+
+ if (!Core::form_verify('update_user','post')) {
+ access_denied();
+ exit;
+ }
+
 // Remove the value
 unset($_SESSION['forms']['account']); |
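Review bot: The token is verified from the POST body in the first hunk (`Core::form_verify('update_preferences','post')`), but the code that acts on the request keeps reading `$_REQUEST`: `$_REQUEST['method']` directly after this check, and `$_REQUEST['user_id']` after the identical check in the second hunk (`@@ -53,6 +58,11 @@`). Values in `$_REQUEST` can also come from the query string or cookies, so the parameters that decide scope and target are not necessarily the ones submitted with the verified form; reading them from `$_POST` once the check has passed closes that gap, e.g. `if ($_POST['method'] == 'admin') {`. Both guards end in the same `access_denied()`, so a one-line comment such as `// Reject requests that did not come from our own form (CSRF token)` above the new `if` would make its purpose clear. The enclosing `switch` case starts and ends outside the hunk.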
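Review bot: In the second hunk (`@@ -53,6 +58,11 @@`), `$_REQUEST['user_id']` is used twice right after the added check without being validated: it is passed to `update_preferences()` and concatenated into the `Location:` header through `scrub_out()`. scrub_out() is not shown here; if it is an HTML-output escaper, it is the wrong encoding for a URL parameter. Assuming user ids are integers, normalising once with `$user_id = (int) $_POST['user_id'];` and using `$user_id` in both places removes the dependence on escaping. This case begins before the hunk.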
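Review bot: In the third hunk (`@@ -76,10 +86,16 @@`), the cleanup after the new check still targets the old token slot: the test is now `Core::form_verify('update_user','post')`, but the `unset($_SESSION['forms']['account']);` that follows clears a key the new check no longer names. Unless form_verify() (not visible here) invalidates the token itself, the `update_user` token remains usable after a successful submit and the unset is dead code; either drop it or clear the key form_verify() actually uses. The removed condition also rejected an empty session token via `!strlen($_SESSION['forms']['account'])`, so form_verify() should be confirmed to fail closed on a missing or empty token and to use a strict, constant-time comparison (`hash_equals()`) rather than `!=`. The `case 'update_user':` body continues past the end of the hunk.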