Only allow the Password: field in the committee manager to be shown/displayed/edited by someone with superuser access level

(i thought thats how it always was!, thats how it was meant to be at least!)

admin/committees.php

@@ -177,6 +177,12 @@ if($_POST['save'])
 		if($_POST['access_super']=="Y") $a_super='Y'; else $a_super='N';
 
 		$access="access_admin='$a_admin', access_config='$a_config', access_super='$a_super', "; 
+		$pass="password='".mysql_escape_string(stripslashes($_POST['password']))."', ";
+	}
+	else
+	{
+		$access="";
+		$pass="";
 	}
 
 	//check for unique email address
@@ -200,7 +206,7 @@ if($_POST['save'])
 
 	mysql_query("UPDATE committees_members SET ".
 		"name='".mysql_escape_string(stripslashes($_POST['name']))."', ".
-		"password='".mysql_escape_string(stripslashes($_POST['password']))."', ".
+		$pass.
 		"organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ".
 		$emailupdate.
 		$emailprivateupdate.
@@ -268,7 +274,9 @@ if($_GET['edit'] || $edit)
 	echo "<table>";
 
 	echo "<tr><td>".i18n("Name").":</td><td><input size=\"25\" type=\"text\" name=\"name\" value=\"".htmlspecialchars($r->name)."\" /></td></tr>";
-	echo "<tr><td>".i18n("Password").":</td><td><input size=\"15\" type=\"text\" name=\"password\" value=\"$r->password\" /></td></tr>";
+
+	if(auth_has_access("super"))
+		echo "<tr><td>".i18n("Password").":</td><td><input size=\"15\" type=\"text\" name=\"password\" value=\"$r->password\" /></td></tr>";
 
 	$cq=mysql_query("SELECT committees.name, committees.id, committees_link.title, committees_link.ord FROM committees,committees_link WHERE committees_link.committees_id=committees.id AND committees_link.committees_members_id='$e' ORDER BY committees.name");