bug 967: Implement check for Assurer before adding as OrgAdmin bug-967
authorMichael Tänzer <neo@nhng.de>
Wed, 18 Apr 2012 22:28:31 +0000 (00:28 +0200)
committerMichael Tänzer <neo@nhng.de>
Wed, 18 Apr 2012 22:28:31 +0000 (00:28 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/account.php

index 554713e..72165df 100644 (file)
                        $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
                } else {
                        $row = mysql_fetch_assoc($res);
-                       mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
-                                       `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
+                       if ( !is_assurer(intval($row['id'])) )
+                       {
+                               $id = $oldid;\r
+                               $oldid=0;\r
+                               $_SESSION['_config']['errmsg'] =
+                                               _("The user is not an Assurer yet");
+                       } else {
+                               mysql_query(
+                                       "insert into `org`
+                                               set `memid`='".intval($row['id'])."',
+                                                       `orgid`='".intval($_SESSION['_config']['orgid'])."',
+                                                       `masteracc`='$masteracc',
+                                                       `OU`='$OU',
+                                                       `comments`='$comments'");
+                       }
                }
        }