diff options
author | canyonknight <canyonknight@gmail.com> | 2012-09-15 10:22:50 -0400 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2012-09-18 00:59:45 +0200 |
commit | e84eb4ae54ceaa329d154bcac214be281e71ba0a (patch) | |
tree | e771ae05de8af388b170d251698fc93380fc6515 /web/html | |
parent | d6f89f97c08d7eeb805246dc94a835057d53243d (diff) | |
download | aurweb-e84eb4ae54ceaa329d154bcac214be281e71ba0a.tar.xz |
Overhaul ability to edit own account
* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r-- | web/html/account.php | 34 | ||||
-rw-r--r-- | web/html/index.php | 3 |
2 files changed, 11 insertions, 26 deletions
diff --git a/web/html/account.php b/web/html/account.php index b0906d9..786ae02 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) { } else { # double check to make sure logged in user can edit this account # - if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) { - print __("You do not have permission to edit this account."); - } else { - + if ($atype == "Developer" || ($atype == "Trusted User" && + $row["AccountType"] != "Developer") || + ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) { display_account_form($atype, "UpdateAccount", $row["Username"], - $row["AccountType"], $row["Suspended"], $row["Email"], - "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["PGPKey"], $row["ID"]); + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["PGPKey"], $row["ID"]); + } else { + print __("You do not have permission to edit this account."); } } @@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) { search_accounts_form(); } else { - # A normal user, give them the ability to edit - # their own account - # - $row = own_account_details($_COOKIE["AURSID"]); - if (empty($row)) { - print __("Could not retrieve information for the specified user."); - } else { - # don't need to check if they have permissions, this is a - # normal user editing themselves. - # - print __("Use this form to update your account."); - print "<br />"; - print __("Leave the password fields blank to keep your same password."); - display_account_form($atype, "UpdateAccount", $row["Username"], - $row["AccountType"], $row["Suspended"], $row["Email"], - "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["PGPKey"], $row["ID"]); - } + print __("You are not allowed to access this area."); } } diff --git a/web/html/index.php b/web/html/index.php index 0e36883..70698a4 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -60,8 +60,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) { } else { $_REQUEST['Action'] = "AccountInfo"; } + } else { + $_REQUEST['Action'] = "AccountInfo"; } - } include get_route('/' . $tokens[1]); } elseif (get_route($path) !== NULL) { |