diff --git a/includes/account.php b/includes/account.php
index 1a481e2..8bf3b2c 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1814,8 +1814,8 @@
 if($id == 33 && $_SESSION['profile']['admin'] != 1)
 {
- $orgid = $_SESSION['_config']['orgid'];
- $query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'";
+ $orgid = intval($_REQUEST['orgid']);
+ $query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
 $res = mysql_query($query);
 if(mysql_num_rows($res) <= 0)
 {
@@ -1840,7 +1840,7 @@
 $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
 } else {
 $row = mysql_fetch_assoc($res);
- mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."',
+ mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_REQUEST['orgid'])."',
 `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
 }
 }
@@ -1849,9 +1849,8 @@
 {
 $orgid = intval($_REQUEST['orgid']);
 $memid = intval($_REQUEST['memid']);
- $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'");
- $_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'"));
- if(mysql_num_rows($res) <= 0 || $_macc2 > 0)
+ $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
+ if(mysql_num_rows($res) <= 0)
 {
 $id = 32;
 }
diff --git a/pages/account/33.php b/pages/account/33.php
index 6ee8f18..9adadbc 100644
--- a/pages/account/33.php
+++ b/pages/account/33.php
@@ -14,34 +14,35 @@ PARTICULAR PURPOSE. See the License for more details. */ ?>
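Review bot: In the `$id == 33` check the rewritten `$query` still concatenates `$_SESSION['profile']['id']` into the SQL text uncast, while `$orgid` on the line above it now goes through `intval()`. Casting it the same way, for example `$self = intval($_SESSION['profile']['id']);` and interpolating `'$self'`, keeps this authorization query independent of whatever the session value happens to hold. The same concatenation is repeated in the rewritten `$res` query of the third hunk (`@@ -1849,9 +1849,8 @@`). A short comment such as `// orgid is request-supplied; this master-account lookup is the access check for it` would also record why the masteracc clause must not be dropped later. The block's body continues outside the hunk.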
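Review bot: The insert re-reads `$_REQUEST['orgid']` instead of using the value that was authorised, so the master-account check in the `$id == 33` block (first hunk) and this write are linked only by both parsing the same request parameter. Whether that check always runs before this branch is not visible here, and it is skipped for admins, where a missing or non-numeric `orgid` becomes `0` and a row is inserted for organisation 0. Assign `$orgid = intval($_REQUEST['orgid']);` once before the check, refuse `$orgid <= 0`, and interpolate `'$orgid'` in the insert. `$masteracc`, `$OU` and `$comments` are set outside the hunk, so their escaping should be confirmed as well.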
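Review bot: Dropping the `$_macc2` test removes the only visible guard against deleting a master account, so the new condition lets any master of `$orgid` remove another master or their own row. If the last master is removed, apparently only an admin could still pass the masteracc check this commit introduces for that organisation. Unless that is intended, keep a guard before falling through: count the rows for `$orgid` that have masteracc set and a `memid` other than `$memid`, and set `$id = 32` when the target is a master and that count is zero. The enclosing condition and the delete statement are outside the hunk, so it is also worth confirming that the delete is restricted to both `$orgid` and `$memid`.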
+ - + - + - +
:
:
:
:
">