cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

bug #164

Browse source
This commit is contained in:
root 2006-08-16 00:33:30 +00:00
parent 060e7ca860
commit f4b084bb18
2 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
includes/account.php
View file

@ -1814,8 +1814,8 @@
if($id == 33 && $_SESSION['profile']['admin'] != 1) if($id == 33 && $_SESSION['profile']['admin'] != 1)
{ {
$orgid = $_SESSION['_config']['orgid']; $orgid = intval($_REQUEST['orgid']);
$query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'"; $query = "select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'";
$res = mysql_query($query); $res = mysql_query($query);
if(mysql_num_rows($res) <= 0) if(mysql_num_rows($res) <= 0)
{ {
@ -1840,7 +1840,7 @@
$_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']); $_SESSION['_config']['errmsg'] = sprintf(_("Wasn't able to match '%s' against any user in the system"), $_REQUEST['email']);
} else { } else {
$row = mysql_fetch_assoc($res); $row = mysql_fetch_assoc($res);
mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".$_SESSION['_config']['orgid']."', mysql_query("insert into `org` set `memid`='".$row['id']."', `orgid`='".intval($_REQUEST['orgid'])."',
`masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'"); `masteracc`='$masteracc', `OU`='$OU', `comments`='$comments'");
} }
} }
@ -1849,9 +1849,8 @@
{ {
$orgid = intval($_REQUEST['orgid']); $orgid = intval($_REQUEST['orgid']);
$memid = intval($_REQUEST['memid']); $memid = intval($_REQUEST['memid']);
$res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."'"); $res = mysql_query("select * from `org` where `orgid`='$orgid' and `memid`='".$_SESSION['profile']['id']."' and `masteracc`='1'");
$_macc2 = mysql_num_rows(mysql_query("select * from `org` where `memid`='$memid' and `masteracc`='1'")); if(mysql_num_rows($res) <= 0)
if(mysql_num_rows($res) <= 0 || $_macc2 > 0)
{ {
$id = 32; $id = 32;
} }

11
pages/account/33.php
View file

@ -14,34 +14,35 @@
PARTICULAR PURPOSE. See the License for more details. PARTICULAR PURPOSE. See the License for more details.
*/ ?> */ ?>
<? <?
$query = "select * from `orginfo` where `id`='".$_SESSION[_config][orgid]."'"; $query = "select * from `orginfo` where `id`='".intval($_REQUEST['orgid'])."'";
$row = mysql_fetch_assoc(mysql_query($query)); $row = mysql_fetch_assoc(mysql_query($query));
?> ?>
<form method="post" action="account.php"> <form method="post" action="account.php">
<input type="hidden" name="orgid" value="<?=$_REQUEST['orgid']?>">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td> <td colspan="2" class="title"><? printf(_("New Admin for %s"), $row[O]); ?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><?=_("Email")?>:</td>
<td class="DataTD"><input type="text" name="email" value="<?=$_SESSION[_config][email]?>"></td> <td class="DataTD"><input type="text" name="email" value="<?=$_SESSION['_config']['email']?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Department")?>:</td> <td class="DataTD"><?=_("Department")?>:</td>
<td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION[_config][OU]?>"></td> <td class="DataTD"><input type="text" name="OU" value="<?=$_SESSION['_config']['OU']?>"></td>
</tr> </tr>
<? if($_SESSION['profile']['admin'] == 1) { ?> <? if($_SESSION['profile']['admin'] == 1) { ?>
<tr> <tr>
<td class="DataTD"><?=_("Master Account")?>:</td> <td class="DataTD"><?=_("Master Account")?>:</td>
<td class="DataTD"><select name="masteracc"> <td class="DataTD"><select name="masteracc">
<option value="0">No</option> <option value="0">No</option>
<option value="1"<? if($_SESSION[_config][masteracc] == 1) echo " selected"; ?>>Yes</option> <option value="1"<? if($_SESSION['_config']['masteracc'] == 1) echo " selected"; ?>>Yes</option>
</select></td> </select></td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD"><?=_("Comments")?>:</td> <td class="DataTD"><?=_("Comments")?>:</td>
<td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION[_config][comments]?>"></td> <td class="DataTD"><input type="text" name="comments" value="<?=$_SESSION['_config']['comments']?>"></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Add")?>"></td>