From aab6eed1387a9f73759afc22ff3219e4844a34c0 Mon Sep 17 00:00:00 2001 From: canyonknight Date: Tue, 22 Jan 2013 22:24:17 +0000 Subject: Replace permission check code with can_edit_account() Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/html/account.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index cccdd76..2133734 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -48,11 +48,8 @@ if (isset($_COOKIE["AURSID"])) { if (empty($row)) { print __("Could not retrieve information for the specified user."); } else { - # double check to make sure logged in user can edit this account - # - if ($atype == "Developer" || ($atype == "Trusted User" && - $row["AccountType"] != "Developer") || - ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) { + /* Verify user has permission to edit the account */ + if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) { display_account_form($atype, "UpdateAccount", $row["Username"], $row["AccountType"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], -- cgit v1.2.3-54-g00ecf