Don't allow guest user to change or reset password

diff --git a/login/change_password.php b/login/change_password.php
index 8181b73c20c095fca84c3d897f0d69c5d89fbdd6..9f8a5ec78ab7e7797febbf4139682fca76a337b0 100644 (file)
--- a/login/change_password.php
+++ b/login/change_password.php
@@ -13,15 +13,22 @@
 
                if (!count((array)$err)) {
                        $username = $frm->username;
-                       $password = $frm->newpassword1;
+                       $password = md5($frm->newpassword1);
+
+                       $user = get_user_info_from_db("username", $username);
+
+            if (isguest($user->id)) {
+                error("Can't change guest password!");
+            }
                        
-                       if (! set_field("user", "password", md5($frm->newpassword1), "username", $frm->username)) {
+                       if (set_field("user", "password", $password, "username", $username)) {
+                $user->password = $password;
+            } else {
                                error("Could not set the new password");
             }
 
                        unset($USER);
-
-                       $USER = get_user_info_from_db("username", $username);
+                       $USER = $user;
                        $USER->loggedin = true;
 
                        set_moodle_cookie($USER->username);

diff --git a/login/forgot_password.php b/login/forgot_password.php
index 3a10783bab68ddf2255f88a447e6aa0c9add0a56..187282dc73709f6dc8aed69bba76986795d84141 100644 (file)
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -16,6 +16,10 @@
                 error("No such user with this address:  $frm->email");
             }
 
+            if (isguest($user->id)) {
+                error("Can't change guest password!");
+            }
+
                        if (! reset_password_and_mail($user)) {
                 error("Could not reset password and mail the new one to you");
             }