projects / timetracker.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Improved cron.php security-wise with a more specific sql.
[timetracker.git] / password_change.php
diff --git a/password_change.php b/password_change.php
index bcbd5f4..2dce99f 100644 (file)
--- a/password_change.php
+++ b/password_change.php
@@ -49,8 +49,8 @@ if ($user_id) {
     $smarty->assign('i18n', $i18n->keys);
   }
   if ($user->custom_logo) {
-    $smarty->assign('custom_logo', 'images/'.$user->team_id.'.png');
-    $smarty->assign('mobile_custom_logo', '../images/'.$user->team_id.'.png');
+    $smarty->assign('custom_logo', 'images/'.$user->group_id.'.png');
+    $smarty->assign('mobile_custom_logo', '../images/'.$user->group_id.'.png');
   }
   $smarty->assign('user', $user);
 }
@@ -82,8 +82,8 @@ if ($request->isPost()) {
     if ($auth->doLogin($user->login, $cl_password1)) {
       setcookie('tt_login', $user->login, time() + COOKIE_EXPIRE, '/');
       // Redirect, depending on user role.
-      if ($user->isAdmin()) {
-        header('Location: admin_teams.php');
+      if ($user->can('administer_site')) {
+        header('Location: admin_groups.php');
       } elseif ($user->isClient()) {
         header('Location: reports.php');
       } else {
Unnamed repository; edit this file 'description' to name the repository.