Empty password is forbidden when creating new user account.

diff --git a/admin/users.php b/admin/users.php
index 135e0068cd013819365b6d81c1447f8ec417ab32..2074bc1945c11c424420cfe8cd91a18b5f40cc1c 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 simple_page_mode(true);
 //-------------------------------------------------------------------------------------------------
 
-function can_process() 
+function can_process($new) 
 {
 
        if (strlen($_POST['user_id']) < 4)
@@ -33,7 +33,7 @@ function can_process()
                return false;
        }
 
-       if ($_POST['password'] != "") 
+       if (!$new && ($_POST['password'] != ""))
        {
        if (strlen($_POST['password']) < 4)
        {
@@ -58,7 +58,7 @@ function can_process()
 if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 
-       if (can_process())
+       if (can_process($Mode == 'ADD_ITEM'))
        {
        if ($selected_id != -1) 
        {