nicht mehr der user mit der kleinsten UID ist Kunden sondern der, der als solcher gekennzeichnet ist.
bernd

bernd commited on 2007-08-11 17:50:51
Zeige 5 geänderte Dateien mit 10 Einfügungen und 5 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@618 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -17,7 +17,6 @@ if (! customer_may_have_useraccounts())
17 17
 }
18 18
 else
19 19
 {
20
-  $primary = primary_useraccount();
21 20
   $accounts = list_useraccounts();
22 21
   output("<p>Folgende Benutzeraccounts haben Sie bisher:</p>");
23 22
   output("<table><tr><th>Benutzername</th><th>Name</th><th>Erstellt am</th><th>Speicherplatz</th></tr>");
... ...
@@ -25,7 +24,7 @@ else
25 24
   {
26 25
 
27 26
     output("<tr><td>");
28
-    if ($acc->uid == $primary)
27
+    if (customer_useraccount($acc->uid))
29 28
       output($acc->username);
30 29
     else
31 30
       output(internal_link('edit.php', $acc->username, "uid={$acc->uid}"));
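Review bot: `customer_useraccount($acc->uid)` now runs inside the row loop, so the listing issues one extra database query per account, where the removed `$primary = primary_useraccount();` was evaluated once before the loop. If `list_useraccounts()` can also select the `kundenaccount` column (its query is not visible here), the test can become `if ($acc->kundenaccount)` with no additional query. The loop header lies between the two hunks and is not shown. Separately, `$acc->username` is written straight into the table cell in the context lines; whether `output()` or the account-creation path HTML-escapes it cannot be seen from this page and is worth confirming.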
... ...
@@ -14,7 +14,7 @@ $account = get_account_details($_GET['uid']);
14 14
 
15 15
 output("<h3>Bearbeiten von Benutzer »{$account['username']}«</h3>");
16 16
 
17
-if ($account['uid'] == primary_useraccount())
17
+if (customer_useraccount($account['uid']))
18 18
   system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
19 19
 
20 20
 
... ...
@@ -13,6 +13,12 @@ function customer_may_have_useraccounts()
13 13
   return (mysql_num_rows($result) > 0);
14 14
 }
15 15
 
16
+function customer_useraccount($uid) {
17
+  $uid = (int) $uid;
18
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
19
+  $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
20
+  return mysql_num_rows($result) > 0;
21
+}
16 22
 
17 23
 function primary_useraccount()
18 24
 {
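Review bot: `customer_useraccount()` returns false not only when the account is unflagged but also when the lookup matches nothing for other reasons, and every caller in this commit treats false as "this account may be edited". Those other reasons are an unset `$_SESSION['customerinfo']['customerno']` (which casts to 0), a uid that belongs to a different customer, and possibly a failed `db_query()`, whose failure behaviour is not visible here. Because the function backs a security decision it should fail closed, for example by calling `system_failure()` when the session customer number is missing or the query yields no result set. I would also add a header comment such as `// true if $uid is the current customer's account flagged kundenaccount=1; false does NOT prove the uid belongs to this customer`. The two `(int)` casts are what keep the interpolated query safe and should stay.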
... ...
@@ -34,7 +34,7 @@ elseif ($_GET['action'] == 'edit')
34 34
 {
35 35
   $error = false;
36 36
   check_form_token('systemuser_edit');
37
-  if ($_POST['uid'] == primary_useraccount())
37
+  if (customer_useraccount($_POST['uid']))
38 38
     system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
39 39
 
40 40
   if ($_POST['newpass'] != '')
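Review bot: The guard tests `(int) $_POST['uid']` (the cast happens inside `customer_useraccount()`), while the rest of this branch, which continues outside the hunk, presumably goes on using the raw `$_POST['uid']`. If the later update interprets the value differently from the cast, the check and the write can disagree about which account is meant. Normalise once with `$uid = (int) $_POST['uid'];` and use `$uid` for both the guard and every later query. The guard also only rejects the flagged customer account, so the code after the hunk (not visible here) must separately enforce that the uid belongs to the logged-in customer.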
... ...
@@ -23,7 +23,7 @@ function find_role($login, $password, $i_am_admin = False)
23 23
   $uid = (int) $login;
24 24
   if ($uid == 0)
25 25
     $uid = 'NULL';
26
-  $result = db_query("SELECT passwort AS password, (u.uid = (SELECT min(uid) FROM system.v_useraccounts AS acc WHERE acc.kunde=u.kunde)) AS  `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
26
+  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
27 27
   if (@mysql_num_rows($result) > 0)
28 28
   {
29 29
     $entry = mysql_fetch_object($result);
30 30