- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

 interface/web/tools/user_settings.php

@@ -44,6 +44,10 @@
//* Check permissions for module
$app->auth->check_module_permissions('tools');

if($_SESSION['s']['user']['typ'] == 'admin') {
   $app->auth->check_security_permissions('admin_allow_new_admin');
}

// Loading classes
$app->uses('tpl,tform,tform_actions');
$app->load('tform_actions');
@@ -63,7 +67,7 @@
      $app->tform->loadFormDef($tform_def_file);

      // Importing ID
      $this->id = $_SESSION['s']['user']['userid'];
      $this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
      $_POST['id'] = $_SESSION['s']['user']['userid'];

      if(count($_POST) > 1) {
@@ -86,8 +90,22 @@
      if($_POST['passwort'] != $_POST['repeat_password']) {
         $app->tform->errorMessage = $app->tform->lng('password_mismatch');
      }
      $_SESSION['s']['user']['language'] = $_POST['language'];
      $_SESSION['s']['language'] = $_POST['language'];
      if(preg_match('/[a-z]{2}/',$_POST['language'])) {
         $_SESSION['s']['user']['language'] = $_POST['language'];
         $_SESSION['s']['language'] = $_POST['language'];
      } else {
         $app->error('Invalid language.');
      }
   }
	
   function onAfterUpdate() {
      global $app;
		
      if($_POST['passwort'] != '') {
         $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
         $_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
         unset($tmp_user);
      }
   }