summaryrefslogtreecommitdiffstats
path: root/web/html/account.php
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2012-12-07 23:24:22 +0100
committerLukas Fleischer <archlinux@cryptocrack.de>2012-12-07 23:24:22 +0100
commitfce4f36e4ff79e90a19bf00fa69b89053b4f62a5 (patch)
treee3444665d01050168bd9d50a3477fb6656b2058c /web/html/account.php
parent20407bb8c60ff705b47df707e21a3e0f73faf239 (diff)
parent332875bbfeb15340b1d67a8f9382e67c4df52eab (diff)
downloadaurweb-fce4f36e4ff79e90a19bf00fa69b89053b4f62a5.tar.xz
Merge branch 'maint'
Diffstat (limited to 'web/html/account.php')
-rw-r--r--web/html/account.php11
1 files changed, 8 insertions, 3 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 786ae02..cccdd76 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -73,9 +73,14 @@ if (isset($_COOKIE["AURSID"])) {
}
} elseif ($action == "UpdateAccount") {
- # user is submitting their modifications to an existing account
- #
- if (check_token()) {
+ $uid = uid_from_sid($_COOKIE['AURSID']);
+
+ /* Details for account being updated */
+ $acctinfo = account_details(in_request('ID'), in_request('U'));
+
+ /* Verify user permissions and that the request is a valid POST */
+ if (can_edit_account($atype, $acctinfo, $uid) && check_token()) {
+ /* Update the details for the existing account */
process_account_form($atype, "edit", "UpdateAccount",
in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("P"), in_request("C"),