diff --git a/super/backuprestore.php b/super/backuprestore.php index 9210613..f41fe00 100644 --- a/super/backuprestore.php +++ b/super/backuprestore.php @@ -23,7 +23,7 @@ 'committee_main.php', diff --git a/super/index.php b/super/index.php index c7ddd4b..ca73206 100644 --- a/super/index.php +++ b/super/index.php @@ -24,7 +24,7 @@ 'committee_main.php') diff --git a/super/languagepacks.php b/super/languagepacks.php index 93b8d10..c6d7b36 100644 --- a/super/languagepacks.php +++ b/super/languagepacks.php @@ -24,7 +24,7 @@ 'committee_main.php', 'System Setup' => 'super/index.php') diff --git a/super/roletasks.php b/super/roletasks.php index a35810a..4c2bdb9 100644 --- a/super/roletasks.php +++ b/super/roletasks.php @@ -22,6 +22,8 @@ ?> 'committee_main.php', 'System Setup' => 'super/index.php') diff --git a/super/superconfig.php b/super/superconfig.php index 58a59ad..a2a2fc1 100644 --- a/super/superconfig.php +++ b/super/superconfig.php @@ -24,7 +24,7 @@ 'committee_main.php') diff --git a/super/systemvariables.php b/super/systemvariables.php index eb9909c..45ee7bb 100644 --- a/super/systemvariables.php +++ b/super/systemvariables.php @@ -25,7 +25,7 @@ require("../common.inc.php"); require_once("../user.inc.php"); require_once("../config_editor.inc.php"); - user_auth_required('committee', 'super'); + superuser_required(); //get the category, and if nothing is chosen, default to Global if($_GET['category']) $category=$_GET['category']; diff --git a/super/versionchecker.php b/super/versionchecker.php index e71c797..ba39068 100644 --- a/super/versionchecker.php +++ b/super/versionchecker.php @@ -24,7 +24,7 @@ 'committee_main.php', 'System Setup' => 'super/index.php') diff --git a/user.inc.php b/user.inc.php index f4b843b..91cee01 100644 --- a/user.inc.php +++ b/user.inc.php @@ -658,4 +658,16 @@ function user_fair_login($u) $_SESSION['fairs_id'] = $u['fairs_id'];// == 'yes') ? true : false; } +function superuser_required() { + //first, they have to be logged in + user_auth_required(); + + //next, they need superuser + if($_SESSION['superuser']!="yes") { + send_header("Superuser access required"); + send_footer(); + exit; + } +} + ?>