allow to not set password for an existing anonymous user, as it will screw up SiteMgr sites and others assuming a fixed anonymous password

This commit is contained in:
Ralf Becker 2017-11-02 10:32:54 +01:00
parent 23dddc2adc
commit a32162fa0b

View File

@ -960,24 +960,26 @@ class setup
/**
* add an user account or a user group
*
* if the $username already exists, only the id is returned, no new user / group gets created
* If the $username already exists, only the id is returned, no new user / group gets created,
* but if a non-empty password is given it will be changed to that.
*
* @param string $username alphanumerical username or groupname (account_lid)
* @param string $first first name
* @param string $last last name
* @param $passwd string cleartext pw
* @param string $_passwd cleartext pw or empty or '*unchanged*', to not change pw for existing users
* @param string/boolean $primary_group Groupname for users primary group or False for a group, default 'Default'
* @param boolean $changepw user has right to change pw, default False = Pw change NOT allowed
* @param string $email
* @param string &$anonpw=null on return password for anonymous user
* @return int the numerical user-id
*/
function add_account($username,$first,$last,$passwd,$primary_group='Default',$changepw=False,$email='',&$anonpw=null)
function add_account($username,$first,$last,$_passwd,$primary_group='Default',$changepw=False,$email='',&$anonpw=null)
{
$this->setup_account_object();
$primary_group_id = $primary_group ? $this->accounts->name2id($primary_group) : False;
$passwd = $_passwd;
if ($username == 'anonymous')
{
if (!isset($this->anonpw)) $this->anonpw = Api\Auth::randomstring(16);
@ -1005,7 +1007,7 @@ class setup
}
}
// set password for existing account, if given and not '*unchanged*'
elseif($passwd && $passwd != '*unchanged*')
elseif($_passwd && $_passwd != '*unchanged*')
{
try {
$auth = new Api\Auth;