summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2012-08-09 18:39:04 +0200
committerMichael Tänzer <neo@nhng.de>2012-08-09 18:39:04 +0200
commitaee0b3040b04332a7dd95dfe26aebb70b7129873 (patch)
tree106fe1951c7fecd589fcf9de54371c67e13cce19 /includes
parent7d24a41b1a42a3a3325278d7a50b403f702206e6 (diff)
parent9094c433a7b0f2d290d02afff90ce1fef686c220 (diff)
downloadcacert-devel-aee0b3040b04332a7dd95dfe26aebb70b7129873.tar.gz
cacert-devel-aee0b3040b04332a7dd95dfe26aebb70b7129873.tar.xz
cacert-devel-aee0b3040b04332a7dd95dfe26aebb70b7129873.zip
Merge branch 'bug-981' into release
Diffstat (limited to 'includes')
-rw-r--r--includes/account.php16
-rw-r--r--includes/account_stuff.php2
2 files changed, 15 insertions, 3 deletions
diff --git a/includes/account.php b/includes/account.php
index a0d03d8..f84eb63 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2246,8 +2246,7 @@
$orgid = 0;
}
- if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34 ||
- $id == 35 || $oldid == 35)
+ if($id == 32 || $oldid == 32 || $id == 33 || $oldid == 33 || $id == 34 || $oldid == 34)
{
$query = "select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'";
$_macc = mysql_num_rows(mysql_query($query));
@@ -2260,6 +2259,19 @@
}
}
+ if($id == 35 || $oldid == 35)
+ {
+ $query = "select 1 from `org` where `memid`='".intval($_SESSION['profile']['id'])."'";
+ $is_orguser = mysql_num_rows(mysql_query($query));
+ if($_SESSION['profile']['orgadmin'] != 1 && $is_orguser <= 0)
+ {
+ showheader(_("My CAcert.org Account!"));
+ echo _("You don't have access to this area.");
+ showfooter();
+ exit;
+ }
+ }
+
if($id == 33 && $_SESSION['profile']['orgadmin'] != 1)
{
$orgid = intval($_SESSION['_config']['orgid']);
diff --git a/includes/account_stuff.php b/includes/account_stuff.php
index 108bd57..794266a 100644
--- a/includes/account_stuff.php
+++ b/includes/account_stuff.php
@@ -209,7 +209,7 @@ function hideall() {
<ul class="menu" id="serverorg"><li><a href="account.php?id=20"><?=_("New")?></a></li><li><a href="account.php?id=22"><?=_("View")?></a></li></ul>
</div>
<? } ?>
-<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
+<? if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 || $_SESSION['profile']['orgadmin'] == 1) { ?>
<div class="relatedLinks">
<h3 class="pointer" onclick="explode('orgadmin')">+ <?=_("Org Admin")?></h3>
<ul class="menu" id="orgadmin"><? if($_SESSION['profile']['orgadmin'] == 1) { ?><li><a href="account.php?id=24"><?=_("New Organisation")?></a></li><li><a href="account.php?id=25"><?=_("View Organisations")?></a></li><? } ?><li><a href="account.php?id=35"><?=_("View")?></a></li></ul>