From 1e98bc7a794467ef437f17b826cecd5ccb9fe6d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Thu, 19 Apr 2012 00:28:31 +0200 Subject: bug 967: Implement check for Assurer before adding as OrgAdmin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- includes/account.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/includes/account.php b/includes/account.php index 554713e..72165df 100644 --- a/includes/account.php +++ b/includes/account.php @@ -2289,8 +2289,21 @@ $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email'])); } else { $row = mysql_fetch_assoc($res); - mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."', - `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); + if ( !is_assurer(intval($row['id'])) ) + { + $id = $oldid; + $oldid=0; + $_SESSION['_config']['errmsg'] = + _("The user is not an Assurer yet"); + } else { + mysql_query( + "insert into `org` + set `memid`='".intval($row['id'])."', + `orgid`='".intval($_SESSION['_config']['orgid'])."', + `masteracc`='$masteracc', + `OU`='$OU', + `comments`='$comments'"); + } } } -- cgit v1.2.1