diff --git a/.htaccess b/.htaccess
index e93d4d6..399fc0d 100644
--- a/.htaccess
+++ b/.htaccess
@@ -21,12 +21,14 @@
RewriteRule ^api/([\w-]+)/([\w-]+)$ php/api.php?site=api&call=$1&function=$2 [L]
+#Deny every *.php file
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
+#allow following files
Order Allow,Deny
Allow from all
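Review bot: The added comment `#Deny every *.php file` leaves out the exception two lines below it, where `Allow from 127.0.0.1` still lets local requests through; `# Deny direct access to every *.php file, except from localhost (127.0.0.1)` would state the actual policy. The second comment, `#allow following files`, should name the files or pattern it re-opens, since that list is the externally reachable PHP surface. The enclosing container lines are not visible in this hunk as shown, so this is based on the directives alone. Separately, `Order`/`Deny`/`Allow` are Apache 2.2 access directives that 2.4 only supports through mod_access_compat, so `Require` would be the current form if the server runs 2.4.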
diff --git a/bin/adduser.js b/bin/adduser.js
index d2cb4c7..9fc6819 100644
--- a/bin/adduser.js
+++ b/bin/adduser.js
@@ -1,13 +1,12 @@
$(document).ready(function(){
$("#button_newuser").click(function(){
- $.post("/php/edit-user.php",
+ $.post("/api/user/new",
{
- function: "new-user",
username: $("#text_user").val(),
passwd: $("#text_passwd").val()
},
function(data){
- if(data==0){
+ if(data=="0"){
infoPopUp("Benutzer erfolgreich erstellt!", 100);
$("#text_user").val("");
$("#text_passwd").val("");
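Review bot: The POST to `/api/user/new` creates an account but sends no anti-CSRF value in its body, and the `php/edit-user.php` hunk in this commit suggests the server identifies the caller from `$_COOKIE["token"]` alone; if that is the case, a request started from another site would be sent with that cookie and accepted. The `/api/user/change-pw` call in `bin/settings.js` has the same shape, although it also requires the current password. Add a per-session token to both request bodies, for example `csrf: CSRF_TOKEN_PLACEHOLDER,` (placeholder name), and verify it server-side before the `switch`, or confirm that the cookie is set with `SameSite`. The success check `data=="0"` is still a loose comparison; `String(data).trim() === "0"` would not depend on how jQuery parses the response. The click handler continues past the end of this hunk.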
diff --git a/bin/settings.js b/bin/settings.js
index 0461d18..ecea9fd 100644
--- a/bin/settings.js
+++ b/bin/settings.js
@@ -31,9 +31,8 @@ $(document).ready(function(){
}
});
$("#passwordSaveButton").click(function(){
- $.post("/php/edit-user.php",
+ $.post("/api/user/change-pw",
{
- function: "change-pw",
current: $("#old-password-input").val(),
new: $("#new-password-input").val()
},
diff --git a/install/install_adduser.php b/install/install_adduser.php
index 06fa697..9ca584c 100644
--- a/install/install_adduser.php
+++ b/install/install_adduser.php
@@ -13,6 +13,4 @@
-
-
diff --git a/php/edit-user.php b/php/edit-user.php
index 9aa0bdd..bc0dbcb 100644
--- a/php/edit-user.php
+++ b/php/edit-user.php
@@ -1,16 +1,16 @@
get_info($_COOKIE["token"]);
}
-
+
switch ($_GET["function"]) {
case 'change-pw':
$user->change_password($_POST["current"], $_POST["new"]);
break;
- case 'new-user':
+ case 'new':
$user->new($_POST["username"], $_POST["passwd"]);
break;