Prevent admin locking themselves out when resetting own password

dregad · dregad · commit f3420be2cd78 · 2012-06-06T17:05:46.000+02:00
Prior to this, when an admin attempted to reset their own password from
manage_user_edit_page.php (with $g_send_reset_password = ON), they were
no longer able to login because the sent confirmation hash was not valid
anymore since the last_visit timestamp used to generate it is updated by
every successful loading of the page (footer).

This commit prevents such behavior by hiding the "Reset Password" button
for the current user in the manage user page. One's own password should
be changed in account_page.php (My Account).

Fixes #14260
diff --git a/manage_user_edit_page.php b/manage_user_edit_page.php
@@ -178,7 +178,8 @@
 <?php
 // User action buttons: RESET/UNLOCK and DELETE
 
-$t_reset = helper_call_custom_function( 'auth_can_change_password', array() );
+$t_reset = $t_user['id'] != auth_get_current_user_id()
+	&& helper_call_custom_function( 'auth_can_change_password', array() );
 $t_unlock = OFF != config_get( 'max_failed_login_count' ) && $t_user['failed_login_count'] > 0;
 $t_delete = !( ( user_is_administrator( $t_user_id ) && ( user_count_level( config_get_global( 'admin_site_threshold' ) ) <= 1 ) ) );
 
