author | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-12-07 23:24:22 +0100 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-12-07 23:24:22 +0100 |
commit | fce4f36e4ff79e90a19bf00fa69b89053b4f62a5 (patch) | |
tree | e3444665d01050168bd9d50a3477fb6656b2058c /web/html/account.php | |
parent | 20407bb8c60ff705b47df707e21a3e0f73faf239 (diff) | |
parent | 332875bbfeb15340b1d67a8f9382e67c4df52eab (diff) | |
download | aurweb-fce4f36e4ff79e90a19bf00fa69b89053b4f62a5.tar.xz |
Merge branch 'maint'
Diffstat (limited to 'web/html/account.php')
-rw-r--r-- | web/html/account.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/web/html/account.php b/web/html/account.php index 786ae02..cccdd76 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -73,9 +73,14 @@ if (isset($_COOKIE["AURSID"])) { } } elseif ($action == "UpdateAccount") { - # user is submitting their modifications to an existing account - # - if (check_token()) { + $uid = uid_from_sid($_COOKIE['AURSID']); + + /* Details for account being updated */ + $acctinfo = account_details(in_request('ID'), in_request('U')); + + /* Verify user permissions and that the request is a valid POST */ + if (can_edit_account($atype, $acctinfo, $uid) && check_token()) { + /* Update the details for the existing account */ process_account_form($atype, "edit", "UpdateAccount", in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("P"), in_request("C"), |
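Review bot: The permission check and the update are not visibly bound to the same account: `can_edit_account()` is evaluated on `$acctinfo`, which is looked up from both `in_request('ID')` and `in_request('U')`, while `process_account_form()` is again handed raw request values. If the lookup and the update key on different fields (not visible here, since the call's argument list and the rest of the `if` block continue past the hunk), a request whose ID and U name different accounts could be authorised against one and applied to the other. I would take the account identifier from the `$acctinfo` row that passed the check rather than from the request, and document it with `/* ID and U are both client-supplied; update only the account that $acctinfo resolved to */`. It is also worth confirming that `can_edit_account()` returns false when `account_details()` finds no row, so an unknown ID fails closed.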