From 1b901616dc355cbab286ece18ca2c9c9e19d3415 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <archlinux@cryptocrack.de>
Date: Tue, 15 Jul 2014 22:17:57 +0200
Subject: Disallow privileged users to use invalid user names

Prevent Trusted Users and developers from accidentally using a name that
contains invalid characters. Also, remove user_is_privileged() which is
no longer needed after this change.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
---
 web/lib/acctfuncs.inc.php | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

(limited to 'web/lib/acctfuncs.inc.php')

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index e2e37b8..578c376 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -117,7 +117,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",
 		$error = __("Missing User ID");
 	}
 
-	if (!$error && !valid_username($U) && !user_is_privileged($editor_user)) {
+	if (!$error && !valid_username($U)) {
 		$error = __("The username is invalid.") . "<ul>\n"
 			."<li>" . __("It must be between %s and %s characters long",
 			USERNAME_MIN_LEN,  USERNAME_MAX_LEN )
@@ -831,27 +831,6 @@ function user_delete($id) {
 	return;
 }
 
-/**
- * Determine if a user is either a Trusted User or Developer
- *
- * @param string $id The ID of the user to check if privileged
- *
- * @return int|string Return  0 if un-privileged, "2" if Trusted User, "3" if Developer
- */
-function user_is_privileged($id) {
-	$dbh = DB::connect();
-	$q = "SELECT AccountTypeID FROM Users WHERE ID = " . $id;
-	$result = $dbh->query($q);
-	if ($result) {
-		$row = $result->fetch(PDO::FETCH_NUM);
-		if($row[0] > 1) {
-			return $row[0];
-		}
-	}
-	return 0;
-
-}
-
 /**
  * Remove the session from the database on logout
  *
-- 
cgit v1.2.3-54-g00ecf