summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:17:57 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-15 22:56:57 +0200
commit1b901616dc355cbab286ece18ca2c9c9e19d3415 (patch)
tree1978c6677b590b5ae8cd6709f4a5ffc6c8e6a510 /web/lib
parent03c6304e19d5d3ecd276dd3f42220db301ab511d (diff)
downloadaurweb-1b901616dc355cbab286ece18ca2c9c9e19d3415.tar.xz
Disallow privileged users to use invalid user names
Prevent Trusted Users and developers from accidentally using a name that contains invalid characters. Also, remove user_is_privileged() which is no longer needed after this change. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/acctfuncs.inc.php23
1 files changed, 1 insertions, 22 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index e2e37b8..578c376 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -117,7 +117,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("Missing User ID");
}
- if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) {
+ if (!$error && !valid_username($U)) {
$error = __("The username is invalid.") . "<ul>\n"
."<li>" . __("It must be between %s and %s characters long",
USERNAME_MIN_LEN, USERNAME_MAX_LEN )
@@ -832,27 +832,6 @@ function user_delete($id) {
}
/**
- * Determine if a user is either a Trusted User or Developer
- *
- * @param string $id The ID of the user to check if privileged
- *
- * @return int|string Return 0 if un-privileged, "2" if Trusted User, "3" if Developer
- */
-function user_is_privileged($id) {
- $dbh = DB::connect();
- $q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
- $result = $dbh->query($q);
- if ($result) {
- $row = $result->fetch(PDO::FETCH_NUM);
- if($row[0] > 1) {
- return $row[0];
- }
- }
- return 0;
-
-}
-
-/**
* Remove the session from the database on logout
*
* @param string $sid User's session ID