From 0bb2c9f70cd9a8c7a2b2b79e75d8bc84b401fc59 Mon Sep 17 00:00:00 2001
From: martin
Date: Mon, 5 Aug 2002 16:12:36 +0000
Subject: [PATCH] Don't allow guest user to change or reset password
---
 login/change_password.php | 15 +++++++++++----
 login/forgot_password.php | 4 ++++
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/login/change_password.php b/login/change_password.php
index 8181b73c20..9f8a5ec78a 100644
--- a/login/change_password.php
+++ b/login/change_password.php
@@ -13,15 +13,22 @@ if (!count((array)$err)) {
 $username = $frm->username;
- $password = $frm->newpassword1;
+ $password = md5($frm->newpassword1);
+
+ $user = get_user_info_from_db("username", $username);
+
+ if (isguest($user->id)) {
+ error("Can't change guest password!");
+ }
- if (! set_field("user", "password", md5($frm->newpassword1), "username", $frm->username)) {
+ if (set_field("user", "password", $password, "username", $username)) {
+ $user->password = $password;
+ } else {
 error("Could not set the new password");
 }
 unset($USER);
-
- $USER = get_user_info_from_db("username", $username);
+ $USER = $user;
 $USER->loggedin = true;
 set_moodle_cookie($USER->username);
diff --git a/login/forgot_password.php b/login/forgot_password.php
index 3a10783bab..187282dc73 100644
--- a/login/forgot_password.php
+++ b/login/forgot_password.php
@@ -16,6 +16,10 @@ error("No such user with this address: $frm->email");
 }
+ if (isguest($user->id)) {
+ error("Can't change guest password!");
+ }
+
 if (! reset_password_and_mail($user)) {
 error("Could not reset password and mail the new one to you");
 }
--
2.39.5
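Review bot: In login/change_password.php the result of `get_user_info_from_db("username", $username)` is used unchecked, so `isguest($user->id)` and the later `$USER = $user` both assume a user row came back. Whether the form validation that runs before this hunk guarantees the username exists is not visible here; a guard such as `if (!$user) { error("Could not set the new password"); }` directly after the lookup would stop the guest check and the session assignment from running on an empty value. Separately, the value written to the `password` field is still an unsalted `md5()` of the new password, carried over from the old line, which deserves its own follow-up change. The enclosing `if (!count((array)$err))` block continues past the end of the hunk.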
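Review bot: The new `error("Can't change guest password!")` in login/forgot_password.php gives an unauthenticated caller a response that differs from the "No such user with this address" case, which confirms that the submitted address belongs to the guest account. Returning the same message as the not-found branch would keep the guard without disclosing that. The not-found message in the context line above also interpolates `$frm->email` into the page; whether `error()` escapes its argument is not visible in this hunk, so that is worth confirming. The surrounding block starts and ends outside the hunk.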