From 41384dc62fcafa5d9cfda4630abd5954bb2f08c9 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Fri, 25 Mar 2016 18:20:57 -0700
Subject: [PATCH] Fixes  #1845 - remove ability for users to change their email
 and password

---
 .../Controllers/ChangeEmailController.php     | 84 -------------------
 .../Controllers/ChangePasswordController.php  | 84 -------------------
 app/Http/routes.php                           |  8 --
 resources/views/layouts/default.blade.php     |  7 +-
 4 files changed, 1 insertion(+), 182 deletions(-)
 delete mode 100755 app/Http/Controllers/ChangeEmailController.php
 delete mode 100755 app/Http/Controllers/ChangePasswordController.php

diff --git a/app/Http/Controllers/ChangeEmailController.php b/app/Http/Controllers/ChangeEmailController.php
deleted file mode 100755
index d08a2b02b7..0000000000
--- a/app/Http/Controllers/ChangeEmailController.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-/**
- * This controller handles all actions for users changing their email address in their profile
- *  for the Snipe-IT Asset Management application.
- *
- * PHP version 5.5.9
- * @package    Snipe-IT
- * @version    v1.0
- */
-namespace App\Http\Controllers;
-
-use Input;
-use Redirect;
-use Validator;
-use View;
-use Config;
-use Lang;
-
-class ChangeEmailController extends Controller
-{
-    /**
-     * User change email page.
-     *
-     * @return View
-     */
-    public function getIndex()
-    {
-        // Get the user information
-        $user = Auth::user();
-
-        // Show the page
-        return View::make('account/change-email', compact('user'));
-    }
-
-    /**
-     * Users change email form processing page.
-     *
-     * @return Redirect
-     */
-    public function postIndex()
-    {
-
-
-        if (config('app.lock_passwords')) {
-            return Redirect::route('change-password')->with('error', Lang::get('admin/users/table.lock_passwords'));
-        } else {
-
-            // Declare the rules for the form validation
-            $rules = array(
-                'current_password' => 'required|between:3,32',
-                'email'            => 'required|email|unique:users,email,'.Auth::user()->email.',email',
-                'email_confirm'    => 'required|same:email',
-            );
-
-            // Create a new validator instance from our validation rules
-            $validator = Validator::make(Input::all(), $rules);
-
-            // If validation fails, we'll exit the operation now.
-            if ($validator->fails()) {
-                // Ooops.. something went wrong
-                return Redirect::back()->withInput()->withErrors($validator);
-            }
-
-            // Grab the user
-            $user = Auth::user();
-
-            // Check the user current password
-            if (! $user->checkPassword(Input::get('current_password'))) {
-                // Set the error message
-                $this->messageBag->add('current_password', 'Your current password is incorrect');
-
-                // Redirect to the change email page
-                return Redirect::route('change-email')->withErrors($this->messageBag);
-            }
-
-            // Update the user email
-            $user->email = Input::get('email');
-            $user->save();
-
-            // Redirect to the settings page
-            return Redirect::route('change-email')->with('success', 'Email successfully updated');
-        }
-    }
-}
diff --git a/app/Http/Controllers/ChangePasswordController.php b/app/Http/Controllers/ChangePasswordController.php
deleted file mode 100755
index e73035ca15..0000000000
--- a/app/Http/Controllers/ChangePasswordController.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-/**
- * This controller handles all actions related to users changing
- * their passwords in the Snipe-IT Asset Management application.
- *
- * PHP version 5.5.9
- * @package    Snipe-IT
- * @version    v1.0
- */
-namespace App\Http\Controllers;
-
-use Input;
-use Redirect;
-use Validator;
-use View;
-use Config;
-use Lang;
-
-class ChangePasswordController extends Controller
-{
-    /**
-     * User change password page.
-     *
-     * @return View
-     */
-    public function getIndex()
-    {
-        // Get the user information
-        $user = Auth::user();
-
-        // Show the page
-        return View::make('account/change-password', compact('user'));
-    }
-
-    /**
-     * User change password form processing page.
-     *
-     * @return Redirect
-     */
-    protected function postIndex()
-    {
-
-
-        if (config('app.lock_passwords')) {
-            return Redirect::route('change-password')->with('error', Lang::get('admin/users/table.lock_passwords'));
-        } else {
-
-        // Declare the rules for the form validation
-            $rules = array(
-            'old_password'     => 'required|min:6',
-            'password'         => 'required|min:6',
-            'password_confirm' => 'required|same:password',
-            );
-
-        // Create a new validator instance from our validation rules
-            $validator = Validator::make(Input::all(), $rules);
-
-        // If validation fails, we'll exit the operation now.
-            if ($validator->fails()) {
-                // Ooops.. something went wrong
-                return Redirect::back()->withInput()->withErrors($validator);
-            }
-
-        // Grab the user
-            $user = Auth::user();
-
-        // Check the user current password
-            if (! $user->checkPassword(Input::get('old_password'))) {
-                // Set the error message
-                $this->messageBag->add('old_password', 'Your current password is incorrect.');
-
-                // Redirect to the change password page
-                return Redirect::route('change-password')->withErrors($this->messageBag);
-            }
-
-        // Update the user password
-            $user->password = Input::get('password');
-            $user->save();
-        }
-
-        // Redirect to the change-password page
-        return Redirect::route('change-password')->with('success', 'Password successfully updated');
-    }
-}
diff --git a/app/Http/routes.php b/app/Http/routes.php
index b9d4ea234d..af28566f4a 100755
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -676,17 +676,9 @@ Route::group([ 'prefix' => 'account', 'middleware' => 'auth' ], function () {
     Route::get('profile', [ 'as' => 'profile', 'uses' => 'ProfileController@getIndex' ]);
     Route::post('profile', 'ProfileController@postIndex');
 
-    # Change Password
-    Route::get('change-password', [ 'as' => 'change-password', 'uses' => 'ChangePasswordController@getIndex' ]);
-    Route::post('change-password', 'ChangePasswordController@postIndex');
-
     # View Assets
     Route::get('view-assets', [ 'as' => 'view-assets', 'uses' => 'ViewAssetsController@getIndex' ]);
 
-    # Change Email
-    Route::get('change-email', [ 'as' => 'change-email', 'uses' => 'ChangeEmailController@getIndex' ]);
-    Route::post('change-email', 'ChangeEmailController@postIndex');
-
     # Accept Asset
     Route::get(
         'accept-asset/{logID}',
diff --git a/resources/views/layouts/default.blade.php b/resources/views/layouts/default.blade.php
index 4190b9d787..467477d327 100644
--- a/resources/views/layouts/default.blade.php
+++ b/resources/views/layouts/default.blade.php
@@ -228,13 +228,8 @@
                           <a href="{{ route('profile') }}">
                              <i class="fa fa-user fa-fw"></i> @lang('general.editprofile')
                          </a>
-                          <a href="{{ route('change-password') }}">
-                             <i class="fa fa-lock fa-fw"></i> @lang('general.changepassword')
-                         </a>
-                         <a href="{{ route('change-email') }}">
-                             <i class="fa fa-envelope fa-fw"></i> @lang('general.changeemail')
-                         </a>
                      </li>
+                     <li class="divider"></li>
                      <li>
                          <a href="{{ url('/logout') }}">
                              <i class="fa fa-sign-out fa-fw"></i>