summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--web/html/account.php34
-rw-r--r--web/html/index.php3
-rw-r--r--web/lib/acctfuncs.inc.php18
3 files changed, 11 insertions, 44 deletions
diff --git a/web/html/account.php b/web/html/account.php
index b0906d91..786ae026 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# double check to make sure logged in user can edit this account
#
- if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
- print __("You do not have permission to edit this account.");
- } else {
-
+ if ($atype == "Developer" || ($atype == "Trusted User" &&
+ $row["AccountType"] != "Developer") ||
+ ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ $row["AccountType"], $row["Suspended"], $row["Email"],
+ "", "", $row["RealName"], $row["LangPreference"],
+ $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ } else {
+ print __("You do not have permission to edit this account.");
}
}
@@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) {
search_accounts_form();
} else {
- # A normal user, give them the ability to edit
- # their own account
- #
- $row = own_account_details($_COOKIE["AURSID"]);
- if (empty($row)) {
- print __("Could not retrieve information for the specified user.");
- } else {
- # don't need to check if they have permissions, this is a
- # normal user editing themselves.
- #
- print __("Use this form to update your account.");
- print "<br />";
- print __("Leave the password fields blank to keep your same password.");
- display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
- }
+ print __("You are not allowed to access this area.");
}
}
diff --git a/web/html/index.php b/web/html/index.php
index 0e368834..70698a44 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -60,8 +60,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
} else {
$_REQUEST['Action'] = "AccountInfo";
}
+ } else {
+ $_REQUEST['Action'] = "AccountInfo";
}
-
}
include get_route('/' . $tokens[1]);
} elseif (get_route($path) !== NULL) {
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 7471d06b..ed2c7c6d 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -719,24 +719,6 @@ function account_details($uid, $username, $dbh=NULL) {
return $row;
}
-function own_account_details($sid, $dbh=NULL) {
- if(!$dbh) {
- $dbh = db_connect();
- }
- $q = "SELECT Users.*, AccountTypes.AccountType ";
- $q.= "FROM Users, AccountTypes, Sessions ";
- $q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
- $q.= "AND Users.ID = Sessions.UsersID ";
- $q.= "AND Sessions.SessionID = " . $dbh->quote($sid);
- $result = $dbh->query($q);
-
- if ($result) {
- $row = $result->fetch(PDO::FETCH_ASSOC);
- }
-
- return $row;
-}
-
function tu_voted($voteid, $uid, $dbh=NULL) {
if (!$dbh) {
$dbh = db_connect();