General fixes

+Fixed a bug that permitted to edit alliance leader's permissions
This commit is contained in:
iopietro
2018-05-30 20:25:29 +02:00
parent d171ac02cc
commit e0166b1242
4 changed files with 9 additions and 9 deletions
+2 -1
View File
@@ -452,8 +452,9 @@ class Alliance {
}
if($this->userPermArray['opt1'] == 0) $form->addError("perm", NO_PERMISSION);
elseif($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance) $form->addError("perm", USER_NOT_IN_YOUR_ALLY);
elseif($database->getUserField($post['a_user'], "alliance", 0) != $session->alliance) $form->addError("perm", USER_NOT_IN_YOUR_ALLY);
elseif($post['a_user'] == $session->uid) $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS);
elseif($database->isAllianceOwner($_POST['a_user'])) $form->addError("perm", CANT_EDIT_LEADER_PERMISSIONS);
else
{
$database->updateAlliPermissions($post['a_user'], $session->alliance, $post['a_titel'], $post['e1'], $post['e2'], $post['e3'], $post['e4'], $post['e5'], $post['e6'], $post['e7']);
+1
View File
@@ -75,6 +75,7 @@ define("ALREADY_ALLY_MEMBER","You're already in an alliance");
define("ALLY_TOO_LOW", "You must have a level 3 or greater embassy");
define("USER_NOT_IN_YOUR_ALLY","This user is not in your alliance!");
define("CANT_EDIT_YOUR_PERMISSIONS","You can't edit your own permissions!");
define("CANT_EDIT_LEADER_PERMISSIONS","Alliance leader's permissions can't be edited!");
define("NO_PERMISSION", "You don't have enough permissions!");
define("NAME_OR_DIPL_EMPTY", "Name or diplomacy empty");
define("ALLY_DOESNT_EXISTS","Alliance does not exist");
+3 -5
View File
@@ -24,10 +24,8 @@ if($session->access!=BANNED){
<td>
<select name="a_user" class="name dropdown">
<?php
foreach($memberlist as $member)
{
if($member['id'] != $session->uid)
{
foreach($memberlist as $member){
if($member['id'] != $session->uid && !$database->isAllianceOwner($member['id'])){
echo "<option value=".$member['id'].">".$member['username']."</option>";
}
}
@@ -40,7 +38,7 @@ if($session->access!=BANNED){
<p>
<input type="hidden" name="o" value="1">
<input type="hidden" name="s" value="5">
<button value="ok" name="s1" id="btn_ok" class="trav_buttons" alt="OK" /> Ok </button>
<button value="ok" name="s1" id="btn_ok" class="trav_buttons">OK</button>
</p>
</form>
<?php
+3 -3
View File
@@ -1,9 +1,9 @@
<?php
if($database->getUserField($_POST['a_user'], "alliance", 0) != $session->alliance)
{
$form->addError("perm", USER_NOT_IN_YOUR_ALLY);
if($database->getUserField($_POST['a_user'], "alliance", 0) != $session->alliance){
$form->addError("perm", USER_NOT_IN_YOUR_ALLY);
}
elseif($_POST['a_user'] == $session->uid) $form->addError("perm", CANT_EDIT_YOUR_PERMISSIONS);
elseif($database->isAllianceOwner($_POST['a_user'])) $form->addError("perm", CANT_EDIT_LEADER_PERMISSIONS);
if($form->returnErrors() > 0)
{