Change auth checks

settings/ajax/changepassword.php

@@ -3,14 +3,15 @@
 // Init owncloud
 require_once '../../lib/base.php';
 
+// Check if we are a user
+OCP\JSON::callCheck();
+OC_JSON::checkLoggedIn();
+OC_JSON::verifyUser();
+
 $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
 $password = $_POST["password"];
 $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
 
-// Check if we are a user
-OC_JSON::checkLoggedIn();
-OCP\JSON::callCheck();
-
 $userstatus = null;
 if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
 	$userstatus = 'admin';

settings/ajax/creategroup.php

@@ -3,14 +3,7 @@
 // Init owncloud
 require_once '../../lib/base.php';
 OCP\JSON::callCheck();
-
+OC_JSON::checkAdminUser();
-// Check if we are a user
-if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
-	OC_JSON::error(array("data" => array( "message" => $l->t("Authentication error") )));
-	exit();
-}
-
-OCP\JSON::callCheck();
 
 $groupname = $_POST["groupname"];
 

settings/ajax/createuser.php

@@ -3,13 +3,7 @@
 // Init owncloud
 require_once '../../lib/base.php';
 OCP\JSON::callCheck();
-
+OC_JSON::checkSubAdminUser();
-// Check if we are a user
-if( !OC_User::isLoggedIn() || (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && !OC_SubAdmin::isSubAdmin(OC_User::getUser()))) {
-	OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
-	exit();
-}
-OCP\JSON::callCheck();
 
 $isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false;
 

settings/personal.php

@@ -7,6 +7,7 @@
 
 require_once '../lib/base.php';
 OC_Util::checkLoggedIn();
+OC_Util::verifyUser();
 
 // Highlight navigation entry
 OC_Util::addScript( 'settings', 'personal' );

settings/settings.php

@@ -7,6 +7,7 @@
 
 require_once '../lib/base.php';
 OC_Util::checkLoggedIn();
+OC_Util::verifyUser();
 
 OC_Util::addStyle( 'settings', 'settings' );
 OC_App::setActiveNavigationEntry( 'settings' );