pull/1/head
root 18 years ago
parent 060e7ca860
commit f4b084bb18

@ -1814,8 +1814,8 @@
if($id == 33 && $_SESSION['profile']['admin'] != 1)
{
$orgid = $_SESSION['_config']['orgid'];
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'";
$orgid = intval($_REQUEST['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
@ -1840,7 +1840,7 @@
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
} else {
$row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."',
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_REQUEST['orgid'])."',
`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
}
}
@ -1849,9 +1849,8 @@
{
$orgid = intval($_REQUEST['orgid']);
$memid = intval($_REQUEST['memid']);
$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'");
$_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'"));
if(mysql_num_rows($res) <= 0 || $_macc2 > 0)
$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
if(mysql_num_rows($res) <= 0)
{
$id = 32;
}

@ -14,34 +14,35 @@
PARTICULAR PURPOSE. See the License for more details.
*/ ?>
<?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'";
$query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
$row = mysql_fetch_assoc(mysql_query($query));
?>
<form method="post" action="account.php">
<input type="hidden" name="orgid" value="<?=$_REQUEST['orgid']?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION[_config][email]?>"></td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION['_config']['email']?>"></td>
</tr>
<tr>
<td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION[_config][OU]?>"></td>
<td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION['_config']['OU']?>"></td>
</tr>
<? if($_SESSION['profile']['admin'] == 1) { ?>
<tr>
<td class="DataTD"><?=_("Master Account")?>:</td>
<td class="DataTD"><select name="masteracc">
<option value="0">No</option>
<option value="1"<? if($_SESSION[_config][masteracc] == 1) echo " selected"; ?>>Yes</option>
<option value="1"<? if($_SESSION['_config']['masteracc'] == 1) echo " selected"; ?>>Yes</option>
</select></td>
</tr>
<? } ?>
<tr>
<td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION[_config][comments]?>"></td>
<td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION['_config']['comments']?>"></td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>

Loading…
Cancel
Save