dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the code so that deleting and superadmin is not possible unless the user account used to do it is in the superadmin group.

This commit is contained in:
Mark Crane 2012-11-23 02:57:34 +00:00
parent 374d5fd2ac
commit 4f08ba6577
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/users/userdelete.php
View File

@ -53,12 +53,14 @@ else {
//required to be a superadmin to delete a member of the superadmin group //required to be a superadmin to delete a member of the superadmin group
$superadmin_list = superadmin_list($db); $superadmin_list = superadmin_list($db);
if (if_superadmin($superadmin_list, $_SESSION['user_uuid'])) { if (if_superadmin($superadmin_list, $user_uuid)) {
if (!if_group("superadmin")) { if (!if_group("superadmin")) {
echo "access denied"; //access denied - do not delete the user
header("Location: index.php");
return; return;
} }
} }
//delete the user //delete the user
$sql_delete = "delete from v_users "; $sql_delete = "delete from v_users ";
$sql_delete .= "where domain_uuid = '$domain_uuid' "; $sql_delete .= "where domain_uuid = '$domain_uuid' ";