arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

cannot use $users_id since its a session variable, and with register_globals ON $users_id overwrites $_SESSION['users_id']

Browse Source
This commit is contained in:
james 2007-11-19 21:45:08 +00:00
parent 1937045874
commit cf2c345e03
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
admin/committees.php
View File

@ -27,7 +27,8 @@
user_auth_required('committee', 'admin'); user_auth_required('committee', 'admin');
$users_id = intval($_POST['users_id']); if($_POST['users_id'])
$uid = intval($_POST['users_id']);
/* Some actions we want to redirect to the personal editor, so deal with those first */ /* Some actions we want to redirect to the personal editor, so deal with those first */
if($_POST['add_member']) if($_POST['add_member'])
@ -40,7 +41,7 @@
} }
if($_POST['action'] == 'edit') { if($_POST['action'] == 'edit') {
header("location: {$config['SFIABDIRECTORY']}/user_personal.php?edit=$users_id"); header("location: {$config['SFIABDIRECTORY']}/user_personal.php?edit=$uid");
exit; exit;
} }
@ -141,11 +142,11 @@ if($_POST['action']=="assign")
if($_POST['committees_id'] && $_POST['users_id']) if($_POST['committees_id'] && $_POST['users_id'])
{ {
$cid = intval($_POST['committees_id']); $cid = intval($_POST['committees_id']);
$q=mysql_query("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_id='$users_id'"); $q=mysql_query("SELECT * FROM committees_link WHERE committees_id='$cid' AND users_id='$uid'");
if(!mysql_num_rows($q)) if(!mysql_num_rows($q))
{ {
mysql_query("INSERT INTO committees_link (committees_id,users_id) VALUES ('$cid','$users_id')"); mysql_query("INSERT INTO committees_link (committees_id,users_id) VALUES ('$cid','$uid')");
echo happy(i18n("Successfully added member to committee")); echo happy(i18n("Successfully added member to committee"));
} }
else else
@ -166,8 +167,8 @@ if($_GET['deletecommittee'])
if($_POST['action']=="remove") if($_POST['action']=="remove")
{ {
user_delete($users_id, 'committee'); user_delete($uid, 'committee');
mysql_query("DELETE FROM committees_link WHERE users_id='$users_id'"); mysql_query("DELETE FROM committees_link WHERE users_id='$uid'");
echo happy(i18n("Committee member removed")); echo happy(i18n("Committee member removed"));
} }
@ -194,7 +195,7 @@ if($_POST['add_member_to_committees_id'])
echo "<tr><td>"; echo "<tr><td>";
echo "<h4>".i18n("Add Committee")."</h4>\n"; echo "<h4>".i18n("Add Committee")."</h4>\n";
echo "<form method=\"post\"action=\"committees.php\">\n"; echo "<form method=\"post\" action=\"committees.php\">\n";
echo "<table>\n"; echo "<table>\n";
echo "<tr><td>".i18n("Committee Name").": </td><td><input type=\"text\" size=\"15\" name=\"addcommittee\" /></td>"; echo "<tr><td>".i18n("Committee Name").": </td><td><input type=\"text\" size=\"15\" name=\"addcommittee\" /></td>";
echo " <td><input type=\"submit\" value=\"".i18n("Add")."\" /></td></tr>\n"; echo " <td><input type=\"submit\" value=\"".i18n("Add")."\" /></td></tr>\n";