Fix 2660 (hestiacp#2661)

* Fix 2660

* Make field read only for not admin users

Author: jaapmarcus

web/login/index.php

@@ -132,7 +132,7 @@ function authenticate_user($user, $password, $twofa = '')
             if ($method == 'yescrypt') {
                 $v_password = tempnam("/tmp", "vst");
                 $fp = fopen($v_password, "w");
-                fwrite($fp, $_POST['password']."\n");
+                fwrite($fp, $password."\n");
                 fclose($fp);
                 exec(HESTIA_CMD . 'v-check-user-password '. $v_user.' '. $v_password. ' '.$v_ip.' yes', $output, $return_var);
                 $hash = $output[0];

web/templates/pages/edit_mail.html

@@ -91,7 +91,7 @@
 						</tr>
 						<tr>
 							<td>
-								<input type="text" size="20" class="vst-input" name="v_rate" value="<?=htmlentities(trim($v_rate, "'"))?>">
+								<input type="text" size="20" class="vst-input" name="v_rate" value="<?=htmlentities(trim($v_rate, "'"))?>" <?php if($_SESSION['userContext'] != "admin"){ echo "disabled";}?>>>
 							</td>
 						</tr>
 						<?php if (!empty($_SESSION['ANTISPAM_SYSTEM'])) {?>