From e84eb4ae54ceaa329d154bcac214be281e71ba0a Mon Sep 17 00:00:00 2001 From: canyonknight Date: Sat, 15 Sep 2012 10:22:50 -0400 Subject: Overhaul ability to edit own account * Restructure account.php to remove redundant code. * Remove own_account_details(). * Rework logic check to default to no access to account edit form. * Make default account action viewing account info. Signed-off-by: canyonknight Signed-off-by: Lukas Fleischer --- web/html/account.php | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) (limited to 'web/html/account.php') diff --git a/web/html/account.php b/web/html/account.php index b0906d9..786ae02 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) { } else { # double check to make sure logged in user can edit this account # - if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) { - print __("You do not have permission to edit this account."); - } else { - + if ($atype == "Developer" || ($atype == "Trusted User" && + $row["AccountType"] != "Developer") || + ($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) { display_account_form($atype, "UpdateAccount", $row["Username"], - $row["AccountType"], $row["Suspended"], $row["Email"], - "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["PGPKey"], $row["ID"]); + $row["AccountType"], $row["Suspended"], $row["Email"], + "", "", $row["RealName"], $row["LangPreference"], + $row["IRCNick"], $row["PGPKey"], $row["ID"]); + } else { + print __("You do not have permission to edit this account."); } } @@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) { search_accounts_form(); } else { - # A normal user, give them the ability to edit - # their own account - # - $row = own_account_details($_COOKIE["AURSID"]); - if (empty($row)) { - print __("Could not retrieve information for the specified user."); - } else { - # don't need to check if they have permissions, this is a - # normal user editing themselves. - # - print __("Use this form to update your account."); - print "
"; - print __("Leave the password fields blank to keep your same password."); - display_account_form($atype, "UpdateAccount", $row["Username"], - $row["AccountType"], $row["Suspended"], $row["Email"], - "", "", $row["RealName"], $row["LangPreference"], - $row["IRCNick"], $row["PGPKey"], $row["ID"]); - } + print __("You are not allowed to access this area."); } } -- cgit v1.2.3-54-g00ecf