diff options
| author | Michael Tänzer <neo@nhng.de> | 2014-04-11 23:38:34 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2014-04-11 23:38:34 +0200 |
| commit | 6e3be834879c0edbaf05e2fe6c794c517ea68d6e (patch) | |
| tree | 370b14da93ecffe33842425b25a656a088767725 | |
| parent | 4b2c1a6a66bb2e4ed903a308442c02228910f817 (diff) | |
| download | cacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.tar.gz cacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.tar.xz cacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.zip | |
bug 1138: Only use support engineer mode if not viewing own history
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | pages/account/59.php | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/pages/account/59.php b/pages/account/59.php index 5a54dcf..735ee0a 100644 --- a/pages/account/59.php +++ b/pages/account/59.php @@ -38,19 +38,21 @@ $username = $fname." ".$mname." ".$lname." ".$suffix; $email = $user['email']; $alerts =get_alerts($userid); -$support=0; -if (array_key_exists('admin', $_SESSION['profile'])){ - $support=$_SESSION['profile']['admin']; -} - $ticketno = ""; if (array_key_exists('ticketno', $_SESSION)) { $ticketno = $_SESSION['ticketno']; } // Support Engineer access restrictions +$support=0; if ($userid != $_SESSION['profile']['id']) { - if ($support == 0) { + // Check if support engineer + if (array_key_exists('admin', $_SESSION['profile']) && + $_SESSION['profile']['admin'] != 0) + { + $support=$_SESSION['profile']['admin']; + + } else { echo _("You do not have access to this page."); showfooter(); exit; |