summaryrefslogtreecommitdiffstats
path: root/web/html/account.php
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2012-09-15 10:22:50 -0400
committerLukas Fleischer <archlinux@cryptocrack.de>2012-09-18 00:59:45 +0200
commite84eb4ae54ceaa329d154bcac214be281e71ba0a (patch)
treee771ae05de8af388b170d251698fc93380fc6515 /web/html/account.php
parentd6f89f97c08d7eeb805246dc94a835057d53243d (diff)
downloadaurweb-e84eb4ae54ceaa329d154bcac214be281e71ba0a.tar.xz
Overhaul ability to edit own account
* Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html/account.php')
-rw-r--r--web/html/account.php34
1 files changed, 9 insertions, 25 deletions
diff --git a/web/html/account.php b/web/html/account.php
index b0906d9..786ae02 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# double check to make sure logged in user can edit this account
#
- if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
- print __("You do not have permission to edit this account.");
- } else {
-
+ if ($atype == "Developer" || ($atype == "Trusted User" &&
+ $row["AccountType"] != "Developer") ||
+ ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ $row["AccountType"], $row["Suspended"], $row["Email"],
+ "", "", $row["RealName"], $row["LangPreference"],
+ $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ } else {
+ print __("You do not have permission to edit this account.");
}
}
@@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) {
search_accounts_form();
} else {
- # A normal user, give them the ability to edit
- # their own account
- #
- $row = own_account_details($_COOKIE["AURSID"]);
- if (empty($row)) {
- print __("Could not retrieve information for the specified user.");
- } else {
- # don't need to check if they have permissions, this is a
- # normal user editing themselves.
- #
- print __("Use this form to update your account.");
- print "<br />";
- print __("Leave the password fields blank to keep your same password.");
- display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
- }
+ print __("You are not allowed to access this area.");
}
}