Commit e84eb4ae authored by canyonknight's avatar canyonknight Committed by Lukas Fleischer
Browse files

Overhaul ability to edit own account



* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.
Signed-off-by: default avatarcanyonknight <canyonknight@gmail.com>
Signed-off-by: default avatarLukas Fleischer <archlinux@cryptocrack.de>
parent d6f89f97
......@@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# double check to make sure logged in user can edit this account
#
if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
print __("You do not have permission to edit this account.");
} else {
if ($atype == "Developer" || ($atype == "Trusted User" &&
$row["AccountType"] != "Developer") ||
($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
} else {
print __("You do not have permission to edit this account.");
}
}
......@@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) {
search_accounts_form();
} else {
# A normal user, give them the ability to edit
# their own account
#
$row = own_account_details($_COOKIE["AURSID"]);
if (empty($row)) {
print __("Could not retrieve information for the specified user.");
} else {
# don't need to check if they have permissions, this is a
# normal user editing themselves.
#
print __("Use this form to update your account.");
print "<br />";
print __("Leave the password fields blank to keep your same password.");
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
}
print __("You are not allowed to access this area.");
}
}
......
......@@ -60,8 +60,9 @@ if (isset($tokens[1]) && '/' . $tokens[1] == get_pkg_route()) {
} else {
$_REQUEST['Action'] = "AccountInfo";
}
} else {
$_REQUEST['Action'] = "AccountInfo";
}
}
include get_route('/' . $tokens[1]);
} elseif (get_route($path) !== NULL) {
......
......@@ -719,24 +719,6 @@ function account_details($uid, $username, $dbh=NULL) {
return $row;
}
function own_account_details($sid, $dbh=NULL) {
if(!$dbh) {
$dbh = db_connect();
}
$q = "SELECT Users.*, AccountTypes.AccountType ";
$q.= "FROM Users, AccountTypes, Sessions ";
$q.= "WHERE AccountTypes.ID = Users.AccountTypeID ";
$q.= "AND Users.ID = Sessions.UsersID ";
$q.= "AND Sessions.SessionID = " . $dbh->quote($sid);
$result = $dbh->query($q);
if ($result) {
$row = $result->fetch(PDO::FETCH_ASSOC);
}
return $row;
}
function tu_voted($voteid, $uid, $dbh=NULL) {
if (!$dbh) {
$dbh = db_connect();
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment