arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

make sure only a superuser can access the access controls

Browse Source
This commit is contained in:
james 2005-02-16 22:59:31 +00:00
parent 82780d85f8
commit 3b1febd3fb
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
admin/committees.php
View File

@ -167,11 +167,16 @@ if($_POST['add_member'])
} }
if($_POST['save']) if($_POST['save'])
{
if(auth_has_access("super"))
{ {
//FIXME: deal with what the user can actually do based on their own permissions //FIXME: deal with what the user can actually do based on their own permissions
if($_POST['access_admin']=="Y") $a_admin='Y'; else $a_admin='N'; if($_POST['access_admin']=="Y") $a_admin='Y'; else $a_admin='N';
if($_POST['access_config']=="Y") $a_config='Y'; else $a_config='N'; if($_POST['access_config']=="Y") $a_config='Y'; else $a_config='N';
if($_POST['access_super']=="Y") $a_super='Y'; else $a_super='N'; if($_POST['access_super']=="Y") $a_super='Y'; else $a_super='N';
$access="access_admin='$a_admin', access_config='$a_config', access_super='$a_super', ";
}
mysql_query("UPDATE committees_members SET ". mysql_query("UPDATE committees_members SET ".
"name='".$_POST['name']."', ". "name='".$_POST['name']."', ".
"password='".$_POST['password']."', ". "password='".$_POST['password']."', ".
@ -182,9 +187,7 @@ if($_POST['save'])
"phonework='".$_POST['phonework']."', ". "phonework='".$_POST['phonework']."', ".
"phonecell='".$_POST['phonecell']."', ". "phonecell='".$_POST['phonecell']."', ".
"fax='".$_POST['fax']."', ". "fax='".$_POST['fax']."', ".
"access_admin='$a_admin', ". $access.
"access_config='$a_config', ".
"access_super='$a_super', ".
" displayemail='".$_POST['displayemail']."' ". " displayemail='".$_POST['displayemail']."' ".
" WHERE id='".$_POST['save']."'"); " WHERE id='".$_POST['save']."'");