diff options
| author | Michael Tänzer <neo@nhng.de> | 2012-04-25 00:55:05 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2012-04-25 00:55:05 +0200 |
| commit | 9094c433a7b0f2d290d02afff90ce1fef686c220 (patch) | |
| tree | 9cf22add6989ccbb6f3d8a1f0c36e1bb378fc6cc /includes | |
| parent | 2f25d338d1f7ffe9b0b1e843fa5650f284b0c52a (diff) | |
| download | cacert-devel-9094c433a7b0f2d290d02afff90ce1fef686c220.tar.gz cacert-devel-9094c433a7b0f2d290d02afff90ce1fef686c220.tar.xz cacert-devel-9094c433a7b0f2d290d02afff90ce1fef686c220.zip | |
bug 981: Commit changes from INOPIAEbug-981
- wot/35 now accessible by all Org Admins, not only master accounts
- more info on wot/35
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/account.php | 16 | ||||
| -rw-r--r-- | includes/account_stuff.php | 2 |
2 files changed, 15 insertions, 3 deletions
diff --git a/includes/account.php b/includes/account.php index 554713e..db30329 100644 --- a/includes/account.php +++ b/includes/account.php @@ -2246,8 +2246,7 @@ $orgid = 0; } - if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 || - $id == 35 || $oldid == 35) + if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34) { $query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'"; $_macc = mysql_num_rows(mysql_query($query)); @@ -2260,6 +2259,19 @@ } } + if($id == 35 || $oldid == 35) + { + $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'"; + $is_orguser = mysql_num_rows(mysql_query($query)); + if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0) + { + showheader(_("My CAcert.org Account!")); + echo _("You don't have access to this area."); + showfooter(); + exit; + } + } + if($id == 33 && $_SESSION['profile']['orgadmin'] != 1) { $orgid = intval($_SESSION['_config']['orgid']); diff --git a/includes/account_stuff.php b/includes/account_stuff.php index 108bd57..794266a 100644 --- a/includes/account_stuff.php +++ b/includes/account_stuff.php @@ -209,7 +209,7 @@ function hideall() { <ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul> </div> <? } ?> -<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> +<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?> <div class="relatedLinks"> <h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3> <ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul> |