Fix for https://bugs.cacert.org/view.php?id=967

Give an OA the opportuntiy to check if a designated Organisation Admininistrator is a CAcert assurer.
12 years ago · 46a36a95e4
parent eea8ed0d51
commit 46a36a95e4
1 changed files with 15 additions and 2 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -2289,8 +2289,21 @@
 			$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), sanitizeHTML($_REQUEST['email']));
 		} else {
 			$row = mysql_fetch_assoc($res);
-			mysql_query("insert into `org` set `memid`='".intval($row['id'])."', `orgid`='".intval($_SESSION['_config']['orgid'])."',
-					`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
+			if ( !is_assurer(intval($row['id'])) )
+			{
+				$id = $oldid;
+				$oldid=0;
+				$_SESSION['_config']['errmsg'] =
+						_("The user is not an Assurer yet");
+			} else {
+				mysql_query(
+					"insert into `org`
+						set `memid`='".intval($row['id'])."',
+							`orgid`='".intval($_SESSION['_config']['orgid'])."',
+							`masteracc`='$masteracc',
+							`OU`='$OU',
+							`comments`='$comments'");
+			}
 		}
 	}