bug 1138: Only use support engineer mode if not viewing own history
authorMichael Tänzer <neo@nhng.de>
Fri, 11 Apr 2014 21:38:34 +0000 (23:38 +0200)
committerMichael Tänzer <neo@nhng.de>
Fri, 11 Apr 2014 21:38:34 +0000 (23:38 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
pages/account/59.php

index 5a54dcf..735ee0a 100644 (file)
@@ -38,19 +38,21 @@ $username = $fname." ".$mname." ".$lname." ".$suffix;
 $email = $user['email'];
 $alerts =get_alerts($userid);
 
-$support=0;
-if (array_key_exists('admin', $_SESSION['profile'])){
-    $support=$_SESSION['profile']['admin'];
-}
-
 $ticketno = "";
 if (array_key_exists('ticketno', $_SESSION)) {
     $ticketno = $_SESSION['ticketno'];
 }
 
 // Support Engineer access restrictions
+$support=0;
 if ($userid != $_SESSION['profile']['id']) {
-    if ($support == 0) {
+    // Check if support engineer
+    if (array_key_exists('admin', $_SESSION['profile']) &&
+        $_SESSION['profile']['admin'] != 0)
+    {
+        $support=$_SESSION['profile']['admin'];
+
+    } else {
         echo _("You do not have access to this page.");
         showfooter();
         exit;