
bugfix: (once again) most users have multiple roles, so checking with == is wrong

Bernd Wurst authored on 30/03/2012 17:19:34
Showing 2 changed files
... ...
@@ -40,11 +40,11 @@ elseif ($_GET['action'] == 'delete')
40 40
   if (! $cert)
41 41
     system_failure('no ID');
42 42
   $username = NULL;
43
-  if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
43
+  if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
44 44
     $username = $_SESSION['userinfo']['username'];
45 45
     if (isset($_SESSION['subuser']))
46 46
       $username = $_SESSION['subuser'];
47
-  } elseif ($_SESSION['role'] == ROLE_VMAIL_ACCOUNT) {
47
+  } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
48 48
     $username = $_SESSION['mailaccount'];
49 49
   }
50 50
   if (! ($cert['username'] == $username))
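Review bot: The ownership check on new line 50, `if (! ($cert['username'] == $username))`, still uses a loose comparison, and `$username` stays `NULL` when neither role bit is set in `$_SESSION['role']`. Under PHP's `==`, `NULL` compares equal to an empty or unset `$cert['username']`, so the check would pass for such a row instead of rejecting it; whether a session without either bit can reach this branch is not visible here. Failing closed is safer: `if ($username === NULL || $cert['username'] !== $username)`. With the bitmask test, a session carrying both bits always takes the ROLE_SYSTEMUSER branch, which deserves a one-line comment stating that this precedence is intended. The body of this `if` lies outside the hunk.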
... ...
@@ -67,13 +67,13 @@ function add_clientcert($certdata, $dn, $issuer, $startpage='')
67 67
 {
68 68
   $type = NULL;
69 69
   $username = NULL;
70
-  if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
70
+  if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
71 71
     $type = 'user';
72 72
     $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
73 73
     if (isset($_SESSION['subuser']))
74 74
       $username = mysql_real_escape_string($_SESSION['subuser']);
75 75
       $type = 'subuser';
76
-  } elseif ($_SESSION['role'] == ROLE_VMAIL_ACCOUNT) {
76
+  } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
77 77
     $type = 'email';
78 78
     $username = mysql_real_escape_string($_SESSION['mailaccount']);
79 79
   }
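Review bot: The `if (isset($_SESSION['subuser']))` on new line 73 has no braces, so `$type = 'subuser';` on line 75 runs for every session with the ROLE_SYSTEMUSER bit set, not only for subusers; the indentation suggests both assignments were meant to be conditional. The same pattern appears in the delete_clientcert hunk (new lines 110-112). How `$type` is used afterwards is outside both hunks, but if it scopes the certificate query, a main user's certificates are stored and deleted under the wrong type. Wrapping both statements fixes it: `if (isset($_SESSION['subuser'])) {`, then the two assignments, then `}`.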
... ...
@@ -104,13 +104,13 @@ function delete_clientcert($id)
104 104
   $id = (int) $id;
105 105
   $type = NULL;
106 106
   $username = NULL;
107
-  if ($_SESSION['role'] == ROLE_SYSTEMUSER) {
107
+  if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
108 108
     $type = 'user';
109 109
     $username = mysql_real_escape_string($_SESSION['userinfo']['username']);
110 110
     if (isset($_SESSION['subuser']))
111 111
       $username = mysql_real_escape_string($_SESSION['subuser']);
112 112
       $type = 'subuser';
113
-  } elseif ($_SESSION['role'] == ROLE_VMAIL_ACCOUNT) {
113
+  } elseif ($_SESSION['role'] & ROLE_VMAIL_ACCOUNT) {
114 114
     $type = 'email';
115 115
     $username = mysql_real_escape_string($_SESSION['mailaccount']);
116 116
   }