} else { // Check if you want to change your own rights or status if ($_POST['rights_orig'] != (int) $_POST['rights'] || $_POST['status_orig'] != (int) $_POST['status']) { if (TRUE == rights::is_login_user((int) $_POST['uid'])) { $B->form_error = 'You can not change your own rights or status!'; } } // Check if you can change rights to the demanded level if (FALSE == $B->form_error && $_POST['rights_orig'] != (int) $_POST['rights']) { if (FALSE == rights::ask_set_rights((int) $_POST['uid'], (int) $_POST['rights'])) { $B->form_error = 'You can not change to this rights level!'; } } // Check if you can change status of this user if (FALSE == $B->form_error && $_POST['status_orig'] != (int) $_POST['status']) { if (FALSE == rights::ask_set_status((int) $_POST['uid'])) { $B->form_error = 'You can not change status of this user!'; } } // if no error occure, proceed ... if (empty($B->form_error)) { $B->tmp_data = array('forename' => $B->db->quoteSmart($B->util->stripSlashes($_POST['forename'])), 'lastname' => $B->db->quoteSmart($B->util->stripSlashes($_POST['lastname'])), 'email' => $B->db->quoteSmart($B->util->stripSlashes($_POST['email'])), 'rights' => (int) $_POST['rights'], 'status' => (int) $_POST['status']); // update password if it isnt empty if (!empty($_POST['passwd'])) { $B->tmp_data['passwd'] == $B->db->quoteSmart(md5($_POST['passwd'])); } // update user data if (FALSE != $B->user->update_user((int) $_REQUEST['uid'], $B->tmp_data)) { @header('Location: ' . SF_BASE_LOCATION . '/admin/index.php?m=USER'); exit; } else {