summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2012-09-15 10:22:50 -0400
committerLukas Fleischer <archlinux@cryptocrack.de>2012-09-18 00:59:45 +0200
commite84eb4ae54ceaa329d154bcac214be281e71ba0a (patch)
treee771ae05de8af388b170d251698fc93380fc6515 /web/html
parentd6f89f97c08d7eeb805246dc94a835057d53243d (diff)
downloadaurweb-e84eb4ae54ceaa329d154bcac214be281e71ba0a.tar.xz
Overhaul ability to edit own account
* Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/account.php34
-rw-r--r--web/html/index.php3
2 files changed, 11 insertions, 26 deletions
diff --git a/web/html/account.php b/web/html/account.php
index b0906d9..786ae02 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# double check to make sure logged in user can edit this account
#
- if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
- print __("You do not have permission to edit this account.");
- } else {
-
+ if ($atype == "Developer" || ($atype == "Trusted User" &&
+ $row["AccountType"] != "Developer") ||
+ ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ $row["AccountType"], $row["Suspended"], $row["Email"],
+ "", "", $row["RealName"], $row["LangPreference"],
+ $row["IRCNick"], $row["PGPKey"], $row["ID"]);
+ } else {
+ print __("You do not have permission to edit this account.");
}
}
@@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) {
search_accounts_form();
} else {
- # A normal user, give them the ability to edit
- # their own account
- #
- $row = own_account_details($_COOKIE["AURSID"]);
- if (empty($row)) {
- print __("Could not retrieve information for the specified user.");
- } else {
- # don't need to check if they have permissions, this is a
- # normal user editing themselves.
- #
- print __("Use this form to update your account.");
- print "<br />";
- print __("Leave the password fields blank to keep your same password.");
- display_account_form($atype, "UpdateAccount", $row["Username"],
- $row["AccountType"], $row["Suspended"], $row["Email"],
- "", "", $row["RealName"], $row["LangPreference"],
- $row["IRCNick"], $row["PGPKey"], $row["ID"]);
- }
+ print __("You are not allowed to access this area.");
}
}
diff --git a/web/html/index.php b/web/html/index.php
index 0e36883..70698a4 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -60,8 +60,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
} else {
$_REQUEST['Action'] = "AccountInfo";
}
+ } else {
+ $_REQUEST['Action'] = "AccountInfo";
}
-
}
include get_route('/' . $tokens[1]);
} elseif (get_route($path) !== NULL) {