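/**
 * Check whether the logged-in user may modify the data of user $uid.
 *
 * Access is granted when:
 *  - $uid is the login user itself, or
 *  - the login user has rights level 5, or
 *  - the login user has rights level 4 and the target user's rights
 *    level is below 4.
 *
 * The check fails closed: if the target user's record or its 'rights'
 * field cannot be read, access is denied instead of treating the
 * missing value as a low rights level (a missing key previously
 * compared as null < 4 and granted access to level-4 users).
 *
 * @param int $uid user id to modify
 * @return bool
 */
function ask_access_to_modify_user($uid)
{
    // Everyone may modify their own data.
    if (TRUE == rights::is_login_user($uid)) {
        return TRUE;
    }

    $login_rights = (int) $GLOBALS['B']->auth->user_rights;

    // Level 5 may modify any user; no lookup of the target needed.
    if ($login_rights === 5) {
        return TRUE;
    }

    // Only level 4 has conditional access; every other level is denied.
    if ($login_rights !== 4) {
        return FALSE;
    }

    $data = $GLOBALS['B']->user->get_user($uid, array('rights'));

    // Unknown user or unreadable rights field: deny rather than assume level 0.
    if (!is_array($data) || !isset($data['rights'])) {
        return FALSE;
    }

    // Level 4 may only modify users below level 4 (compare as integers).
    return ((int) $data['rights'] < 4);
}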
$B->user->delete_user((int) $_POST['uid']); @header('Location: ' . SF_BASE_LOCATION . '/admin/index.php?m=USER'); exit; } else { $B->form_error = 'You can remove your own user account!'; } } // Modify user data if (isset($_POST['edituser'])) { // check if some fields are empty if (empty($_POST['forename']) || empty($_POST['lastname']) || empty($_POST['email'])) { $B->form_error = 'You have fill out all fields!'; } else { // Check if you want to change your own rights or status if ($_POST['rights_orig'] != (int) $_POST['rights'] || $_POST['status_orig'] != (int) $_POST['status']) { if (TRUE == rights::is_login_user((int) $_POST['uid'])) { $B->form_error = 'You can not change your own rights or status!'; } } // Check if you can change rights to the demanded level if (FALSE == $B->form_error && $_POST['rights_orig'] != (int) $_POST['rights']) { if (FALSE == rights::ask_set_rights((int) $_POST['uid'], (int) $_POST['rights'])) { $B->form_error = 'You can not change to this rights level!'; } } // Check if you can change status of this user if (FALSE == $B->form_error && $_POST['status_orig'] != (int) $_POST['status']) { if (FALSE == rights::ask_set_status((int) $_POST['uid'])) { $B->form_error = 'You can not change status of this user!'; } }