[Web] hide auth settings for external users

2023-05-25 10:06:55 +02:00
parent 2a02bae53e
commit 6dc6c649ce
4 changed files with 10 additions and 8 deletions
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
@@ -857,7 +857,7 @@ function edit_user_account($_data) {
  }
  $stmt = $pdo->prepare("SELECT `password` FROM `mailbox`
      WHERE `kind` NOT REGEXP 'location|thing|group'
-        AND `username` = :user");
+        AND `username` = :user AND authsource = 'mailcow'");
  $stmt->execute(array(':user' => $username));
  $row = $stmt->fetch(PDO::FETCH_ASSOC);
  if (!verify_hash($row['password'], $password_old)) {
@@ -878,7 +878,7 @@ function edit_user_account($_data) {
    $stmt = $pdo->prepare("UPDATE `mailbox` SET `password` = :password_hashed,
      `attributes` = JSON_SET(`attributes`, '$.force_pw_update', '0'),
      `attributes` = JSON_SET(`attributes`, '$.passwd_update', NOW())
-        WHERE `username` = :username");
+        WHERE `username` = :username AND authsource = 'mailcow'");
    $stmt->execute(array(
      ':password_hashed' => $password_hashed,
      ':username' => $username