nsinnovations/fusionpbx
2
0
Fork 0
mirror of https://github.com/fusionpbx/fusionpbx.git synced 2025-12-30 00:53:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix the code so that deleting and superadmin is not possible unless the user account used to do it is in the superadmin group.

Browse Source
This commit is contained in:
Mark Crane
2012-11-23 02:57:34 +00:00
parent 374d5fd2ac
commit 4f08ba6577
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/users/userdelete.php
View File

@@ -53,12 +53,14 @@ else {
//required to be a superadmin to delete a member of the superadmin group
$superadmin_list = superadmin_list($db);
if (if_superadmin($superadmin_list, $_SESSION['user_uuid'])) {
if (if_superadmin($superadmin_list, $user_uuid)) {
if (!if_group("superadmin")) {
echo "access denied";
//access denied - do not delete the user
header("Location: index.php");
return;
}
}
//delete the user
$sql_delete = "delete from v_users ";
$sql_delete .= "where domain_uuid = '$domain_uuid' ";