Ejemplo n.º 1
 /**
  * Check whether the logged-in user has the right to modify
  * the data of another user.
  *
  * @param int $uid id of the user to modify
  * @return bool
  */
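 function ask_access_to_modify_user($uid)
 {
     // Users may always modify their own record.
     if (rights::is_login_user($uid)) {
         return TRUE;
     }

     // Only the target's rights level is needed for the decision.
     $fields = array('rights');
     $data = $GLOBALS['B']->user->get_user($uid, $fields);
     $actor_rights = $GLOBALS['B']->auth->user_rights;

     if ($actor_rights == 4) {
         // Fail closed: when the lookup yields no usable 'rights' value
         // (for example an unknown $uid), the missing value would compare
         // as lower than 4 and grant access, so deny explicitly.
         if (!isset($data['rights']) || !is_numeric($data['rights'])) {
             return FALSE;
         }
         // Level 4 may only modify users whose own level is below 4.
         return $data['rights'] < 4;
     }

     // Level 5 may modify any user; every other level is denied.
     return $actor_rights == 5;
 }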
Ejemplo n.º 2
        $B->user->delete_user((int) $_POST['uid']);
        @header('Location: ' . SF_BASE_LOCATION . '/admin/index.php?m=USER');
        exit;
    } else {
        $B->form_error = 'You can remove your own user account!';
    }
}
// Modify user data
if (isset($_POST['edituser'])) {
    // check if some fields are empty
    if (empty($_POST['forename']) || empty($_POST['lastname']) || empty($_POST['email'])) {
        $B->form_error = 'You have fill out all fields!';
    } else {
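        // Check whether the request tries to change the logged-in user's own rights or status.
        // NOTE(review): rights_orig/status_orig are read from $_POST, so the client controls
        // whether this and the following permission checks run; compare against the stored
        // values server-side instead - confirm how the update below uses these fields.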
        if ($_POST['rights_orig'] != (int) $_POST['rights'] || $_POST['status_orig'] != (int) $_POST['status']) {
            if (TRUE == rights::is_login_user((int) $_POST['uid'])) {
                $B->form_error = 'You can not change your own rights or status!';
            }
        }
        // Check if you can change rights to the demanded level
        if (FALSE == $B->form_error && $_POST['rights_orig'] != (int) $_POST['rights']) {
            if (FALSE == rights::ask_set_rights((int) $_POST['uid'], (int) $_POST['rights'])) {
                $B->form_error = 'You can not change to this rights level!';
            }
        }
        // Check if you can change status of this user
        if (FALSE == $B->form_error && $_POST['status_orig'] != (int) $_POST['status']) {
            if (FALSE == rights::ask_set_status((int) $_POST['uid'])) {
                $B->form_error = 'You can not change status of this user!';
            }
        }