Browse code

nicht mehr der user mit der kleinsten UID ist Kunden sondern der, der als solcher gekennzeichnet ist.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@618 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on11/08/2007 17:50:51
Showing5 changed files
... ...
@@ -17,7 +17,6 @@ if (! customer_may_have_useraccounts())
17 17
 }
18 18
 else
19 19
 {
20
-  $primary = primary_useraccount();
21 20
   $accounts = list_useraccounts();
22 21
   output("<p>Folgende Benutzeraccounts haben Sie bisher:</p>");
23 22
   output("<table><tr><th>Benutzername</th><th>Name</th><th>Erstellt am</th><th>Speicherplatz</th></tr>");
... ...
@@ -25,7 +24,7 @@ else
25 24
   {
26 25
 
27 26
     output("<tr><td>");
28
-    if ($acc->uid == $primary)
27
+    if (customer_useraccount($acc->uid))
29 28
       output($acc->username);
30 29
     else
31 30
       output(internal_link('edit.php', $acc->username, "uid={$acc->uid}"));
... ...
@@ -14,7 +14,7 @@ $account = get_account_details($_GET['uid']);
14 14
 
15 15
 output("<h3>Bearbeiten von Benutzer »{$account['username']}«</h3>");
16 16
 
17
-if ($account['uid'] == primary_useraccount())
17
+if (customer_useraccount($account['uid']))
18 18
   system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
19 19
 
20 20
 
... ...
@@ -13,6 +13,12 @@ function customer_may_have_useraccounts()
13 13
   return (mysql_num_rows($result) > 0);
14 14
 }
15 15
 
16
+function customer_useraccount($uid) {
17
+  $uid = (int) $uid;
18
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
19
+  $result = db_query("SELECT 1 FROM system.useraccounts WHERE kunde={$customerno} AND uid={$uid} AND kundenaccount=1");
20
+  return mysql_num_rows($result) > 0;
21
+}
16 22
 
17 23
 function primary_useraccount()
18 24
 {
... ...
@@ -34,7 +34,7 @@ elseif ($_GET['action'] == 'edit')
34 34
 {
35 35
   $error = false;
36 36
   check_form_token('systemuser_edit');
37
-  if ($_POST['uid'] == primary_useraccount())
37
+  if (customer_useraccount($_POST['uid']))
38 38
     system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
39 39
 
40 40
   if ($_POST['newpass'] != '')
... ...
@@ -23,7 +23,7 @@ function find_role($login, $password, $i_am_admin = False)
23 23
   $uid = (int) $login;
24 24
   if ($uid == 0)
25 25
     $uid = 'NULL';
26
-  $result = db_query("SELECT passwort AS password, (u.uid = (SELECT min(uid) FROM system.v_useraccounts AS acc WHERE acc.kunde=u.kunde)) AS  `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
26
+  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
27 27
   if (@mysql_num_rows($result) > 0)
28 28
   {
29 29
     $entry = mysql_fetch_object($result);