Skip to:
Content

bbPress.org

Changeset 487


Ignore:
Timestamp:
10/17/2006 07:43:57 PM (19 years ago)
Author:
mdawaffe
Message:

Require change_password cap. Fixes #447

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/bb-includes/capabilities.php

    r427 r487  
    5757                        'write_topics' => true,
    5858                        'write_posts' => true,
     59                        'change_password' => true,
    5960                        'read' => true
    6061                )),
     
    8990                        'write_topics' => true,
    9091                        'write_posts' => true,
     92                        'change_password' => true,
    9193                        'read' => true
    9294                )),
     
    116118                        'write_topics' => true,
    117119                        'write_posts' => true,
     120                        'change_password' => true,
    118121                        'read' => true
    119122                )),
     
    131134                        'write_topics' => true,
    132135                        'write_posts' => true,
     136                        'change_password' => true,
    133137                        'read' => true
    134138                )),
     
    137141                    'name' => __('Inactive'),
    138142                    'capabilities' => array(
     143                        'change_password' => true,
    139144                        'read' => true
    140145                )),

  • trunk/bb-includes/registration-functions.php

    r455 r487  
    7979    if ( !$user_id = $bbdb->get_var("SELECT user_id FROM $bbdb->usermeta WHERE meta_key = 'newpwdkey' AND meta_value = '$key'") )
    8080        bb_die(__('Key not found.'));
    81     if ( $user = bb_get_user( $user_id ) ) :
     81    if ( $user = new BB_User( $user_id ) ) :
    8282        if ( bb_has_broken_pass( $user->ID ) )
    8383            bb_block_current_user();
     84        if ( !$user->has_cap( 'change_password' ) )
     85            bb_die( __('You are not allowed to change your password.') );
    8486        $newpass = bb_random_pass( 6 );
    8587        bb_update_user_password( $user->ID, $newpass );

  • trunk/bb-templates/profile-edit.php

    r469 r487  
    7575<?php endif; ?>
    7676
    77 <?php if ( $bb_current_user->ID == $user->ID ) : ?>
     77<?php if ( $bb_current_user->ID == $user->ID && bb_current_user_can( 'change_password' ) ) : ?>
    7878<fieldset>
    7979<legend><?php _e('Password'); ?></legend>

  • trunk/profile-edit.php

    r470 r487  
    9696        endif;
    9797
    98         if ( !empty( $_POST['pass1'] ) && $_POST['pass1'] == $_POST['pass2'] && $bb_current_user->ID == $user->ID ) :
     98        if ( bb_current_user_can( 'change_password' ) && !empty( $_POST['pass1'] ) && $_POST['pass1'] == $_POST['pass2'] && $bb_current_user->ID == $user->ID ) :
    9999            bb_update_user_password ( $bb_current_user->ID, $_POST['pass1'] );
    100100            bb_cookie( $bb->passcookie, md5( md5( $_POST['pass1'] ) ) ); // One week
Note: See TracChangeset for help on using the changeset viewer.