authorcflip <36554078+cflip@users.noreply.github.com>2021-04-25 17:50:21 -0600
committercflip <36554078+cflip@users.noreply.github.com>2021-04-25 17:50:21 -0600
commit5c3d6b49d5db5bb3504191933dd171b54219c2b3 (patch)
tree32f3b0e8f77fb5306ecd92649c7463ed3c118998
parent553d46ae295e880b1bb024fe725870db21f4e61d (diff)
Add some extra checks before changing a password
-rw-r--r--includes/functions_user.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/includes/functions_user.php b/includes/functions_user.php
index b2069a2..4ea1ad1 100644
--- a/includes/functions_user.php
+++ b/includes/functions_user.php
@@ -16,6 +16,16 @@ function register_user(string $username, string $pass_hash)
function change_password(User $user, string $pass_hash)
{
+ if (!Session::get()->is_signed_in()) {
+ trigger_error('You are not signed in.');
+ return;
+ }
+
+ if (Session::get()->get_current_user()->id != $user->id) {
+ trigger_error("You can't change another user's password.");
+ return;
+ }
+
$sql = "UPDATE users SET user_pass = ? WHERE user_id = ?;";
Database::get()->query($sql, "si", $pass_hash, $user->id);
}
\ No newline at end of file
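Review bot: Both new guards in change_password() signal a refusal only through `trigger_error()` followed by a bare `return`, so a rejected call looks the same to the caller as a successful one. With no level argument `trigger_error()` raises E_USER_NOTICE, which does not stop execution and may be hidden by the error-reporting settings, so a caller could still report the password as changed. I would make the denial explicit, for example `throw new RuntimeException("You can't change another user's password.");` (and likewise for the signed-in check), or return `false` and have callers test it. The ownership test also uses loose `!=`; if either `id` can be null or a string (the property types are not visible in this hunk), PHP's type juggling can treat distinct values as equal, so a strict `!==` on ids of one known type would be safer.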