summaryrefslogtreecommitdiff
path: root/pages
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-04-11 23:38:34 +0200
committerMichael Tänzer <neo@nhng.de>2014-04-11 23:38:34 +0200
commit6e3be834879c0edbaf05e2fe6c794c517ea68d6e (patch)
tree370b14da93ecffe33842425b25a656a088767725 /pages
parent4b2c1a6a66bb2e4ed903a308442c02228910f817 (diff)
downloadcacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.tar.gz
cacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.tar.xz
cacert-devel-6e3be834879c0edbaf05e2fe6c794c517ea68d6e.zip
bug 1138: Only use support engineer mode if not viewing own history
Signed-off-by: Michael Tänzer <neo@nhng.de>
Diffstat (limited to 'pages')
-rw-r--r--pages/account/59.php14
1 files changed, 8 insertions, 6 deletions
diff --git a/pages/account/59.php b/pages/account/59.php
index 5a54dcf..735ee0a 100644
--- a/pages/account/59.php
+++ b/pages/account/59.php
@@ -38,19 +38,21 @@ $username = $fname." ".$mname." ".$lname." ".$suffix;
$email = $user['email'];
$alerts =get_alerts($userid);
-$support=0;
-if (array_key_exists('admin', $_SESSION['profile'])){
- $support=$_SESSION['profile']['admin'];
-}
-
$ticketno = "";
if (array_key_exists('ticketno', $_SESSION)) {
$ticketno = $_SESSION['ticketno'];
}
// Support Engineer access restrictions
+$support=0;
if ($userid != $_SESSION['profile']['id']) {
- if ($support == 0) {
+ // Check if support engineer
+ if (array_key_exists('admin', $_SESSION['profile']) &&
+ $_SESSION['profile']['admin'] != 0)
+ {
+ $support=$_SESSION['profile']['admin'];
+
+ } else {
echo _("You do not have access to this page.");
showfooter();
exit;