From c951c589847d8cb2453b45cf16e433d865fe7d6d Mon Sep 17 00:00:00 2001 From: james Date: Tue, 21 Nov 2006 20:20:25 +0000 Subject: [PATCH] Only allow the Password: field in the committee manager to be shown/displayed/edited by someone with superuser access level (i thought thats how it always was!, thats how it was meant to be at least!) --- admin/committees.php | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/admin/committees.php b/admin/committees.php index 5823896..b0aa40d 100644 --- a/admin/committees.php +++ b/admin/committees.php @@ -177,6 +177,12 @@ if($_POST['save']) if($_POST['access_super']=="Y") $a_super='Y'; else $a_super='N'; $access="access_admin='$a_admin', access_config='$a_config', access_super='$a_super', "; + $pass="password='".mysql_escape_string(stripslashes($_POST['password']))."', "; + } + else + { + $access=""; + $pass=""; } //check for unique email address @@ -200,7 +206,7 @@ if($_POST['save']) mysql_query("UPDATE committees_members SET ". "name='".mysql_escape_string(stripslashes($_POST['name']))."', ". - "password='".mysql_escape_string(stripslashes($_POST['password']))."', ". + $pass. "organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ". $emailupdate. $emailprivateupdate. @@ -268,7 +274,9 @@ if($_GET['edit'] || $edit) echo ""; echo ""; - echo ""; + + if(auth_has_access("super")) + echo ""; $cq=mysql_query("SELECT committees.name, committees.id, committees_link.title, committees_link.ord FROM committees,committees_link WHERE committees_link.committees_id=committees.id AND committees_link.committees_members_id='$e' ORDER BY committees.name");
".i18n("Name").":name)."\" />
".i18n("Password").":password\" />
".i18n("Password").":password\" />