external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Overhaul ability to edit own account

Browse source 
* Restructure account.php to remove redundant code.
* Remove own_account_details().
* Rework logic check to default to no access to account edit form.
* Make default account action viewing account info.

Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
canyonknight 2012-09-15 10:22:50 -04:00 committed by Lukas Fleischer
parent d6f89f97c0
commit e84eb4ae54
3 changed files with 11 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

34
web/html/account.php
View file

@ -50,14 +50,15 @@ if (isset($_COOKIE["AURSID"])) {
} else {
# double check to make sure logged in user can edit this account
#
if ($atype == "User" || ($atype == "Trusted User" && $row["AccountType"] == "Developer")) {
print __("You do not have permission to edit this account.");
} else {
if ($atype == "Developer" || ($atype == "Trusted User" &&
$row["AccountType"] != "Developer") ||
($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
} else {
print __("You do not have permission to edit this account.");
}
}
@ -89,24 +90,7 @@ if (isset($_COOKIE["AURSID"])) {
search_accounts_form();
} else {
# A normal user, give them the ability to edit
# their own account
#
$row = own_account_details($_COOKIE["AURSID"]);
if (empty($row)) {
print __("Could not retrieve information for the specified user.");
} else {
# don't need to check if they have permissions, this is a
# normal user editing themselves.
#
print __("Use this form to update your account.");
print "<br />";
print __("Leave the password fields blank to keep your same password.");
display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $row["ID"]);
}
print __("You are not allowed to access this area.");
}
}