summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2013-01-22 22:24:17 +0000
committerLukas Fleischer <archlinux@cryptocrack.de>2013-01-30 09:25:29 +0100
commitaab6eed1387a9f73759afc22ff3219e4844a34c0 (patch)
treeefa44abd19ec0f672c4319a189fab41468cceb43
parent1fd620cc2fc93b238af6793a9970f5a79f6ed7a3 (diff)
downloadaurweb-aab6eed1387a9f73759afc22ff3219e4844a34c0.tar.xz
Replace permission check code with can_edit_account()
Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
-rw-r--r--web/html/account.php7
1 files changed, 2 insertions, 5 deletions
diff --git a/web/html/account.php b/web/html/account.php
index cccdd76..2133734 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -48,11 +48,8 @@ if (isset($_COOKIE["AURSID"])) {
if (empty($row)) {
print __("Could not retrieve information for the specified user.");
} else {
- # double check to make sure logged in user can edit this account
- #
- if ($atype == "Developer" || ($atype == "Trusted User" &&
- $row["AccountType"] != "Developer") ||
- ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
+ /* Verify user has permission to edit the account */
+ if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],