diff options
Diffstat (limited to 'includes/controller')
-rw-r--r-- | includes/controller/rooms_controller.php | 8 | ||||
-rw-r--r-- | includes/controller/users_controller.php | 5 |
2 files changed, 10 insertions, 3 deletions
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php index a79034fb..bba38bb5 100644 --- a/includes/controller/rooms_controller.php +++ b/includes/controller/rooms_controller.php @@ -16,8 +16,14 @@ function room_controller() { if (! in_array('view_rooms', $privileges)) { redirect(page_link_to()); } - + + $room = load_room(); + + if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) { + redirect(page_link_to()); + } + $all_shifts = Shifts_by_room($room); $days = []; foreach ($all_shifts as $shift) { diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 64f725de..3825af7c 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -211,6 +211,7 @@ function users_list_controller() { * Second step of password recovery: set a new password using the token link from email */ function user_password_recovery_set_new_controller() { + global $min_password_length; $user_source = User_by_password_recovery_token($_REQUEST['token']); if ($user_source == null) { error(_("Token is not correct.")); @@ -219,8 +220,8 @@ function user_password_recovery_set_new_controller() { if (isset($_REQUEST['submit'])) { $valid = true; - - if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { + + if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $valid = false; error(_("Your passwords don't match.")); |