From aab6eed1387a9f73759afc22ff3219e4844a34c0 Mon Sep 17 00:00:00 2001
From: canyonknight <canyonknight@gmail.com>
Date: Tue, 22 Jan 2013 22:24:17 +0000
Subject: Replace permission check code with can_edit_account()

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/html/account.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'web/html')

diff --git a/web/html/account.php b/web/html/account.php
index cccdd76..2133734 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -48,11 +48,8 @@ if (isset($_COOKIE["AURSID"])) {
 		if (empty($row)) {
 			print __("Could not retrieve information for the specified user.");
 		} else {
-			# double check to make sure logged in user can edit this account
-			#
-			if ($atype == "Developer" || ($atype == "Trusted User" &&
-				$row["AccountType"] != "Developer") ||
-				($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
+			/* Verify user has permission to edit the account */
+			if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) {
 				display_account_form($atype, "UpdateAccount", $row["Username"],
 					$row["AccountType"], $row["Suspended"], $row["Email"],
 					"", "", $row["RealName"], $row["LangPreference"],
-- 
cgit v1.2.3-54-g00ecf