login/post: ignore ?login override for non user admins

[minimedit.git] / login / post / index.php

diff --git a/login/post/index.php b/login/post/index.php
index c3439a18c9453fbc84333bf837d222d1e24e29fe..e491e357b53c10090a8abef52ca2ab22441dc823 100644 (file)
--- a/login/post/index.php
+++ b/login/post/index.php
@@ -1,5 +1,7 @@
 <?php
-if ($username = @$_REQUEST['login']) {
+$body = ob_get_clean();
+
+if ($User->admin('user') and $username = @$_REQUEST['login']) {
        try {
                $user = new User("profile/$username");
        }
@@ -21,3 +23,9 @@ if ( $password = trim(@file_get_contents("{$user->dir}/.passwd")) ) {
        }
        $Place['pass'] = htmlspecialchars($password) ?: '<em>zelf ingesteld</em>';
 }
+else {
+       $Place['pass'] = '<em>onbekend</em>';
+}
+
+print '<p class="nav right"><a href="javascript:window.print()">Print</a></p>'."\n";
+print $body;