Added additional check prior to administrator status change.

e107inc · Dec 27, 2014 · 9249f89 · 9249f89
1 parent 079b223
commit 9249f89
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 6 deletions.
diff --git a/e107_admin/users.php b/e107_admin/users.php
@@ -695,15 +695,23 @@ public function AdminObserver()
 			$this->redirect('list', 'main', true);
 		}
 
-		if(!$sysuser->isAdmin())
+
+		if($this->getPosted('update_admin'))
+		{
+			 e107::getUserPerms()->updatePerms($userid, $_POST['perms']);
+			 $this->redirect('list', 'main', true);
+		}
+
+		if(!$sysuser->isAdmin()) // Security Check Only. Admin status check is added during 'updatePerms'. 
 		{
-			$sysuser->set('user_admin', 1)->save(); //"user","user_admin='1' WHERE user_id={$userid}"
-			$lan = str_replace(array('--UID--', '--NAME--', '--EMAIL--'), array($sysuser->getId(), $sysuser->getName(), $sysuser->getValue('email')), USRLAN_164);
-			e107::getLog()->add('USET_08', $lan, E_LOG_INFORMATIVE);
-			$mes->addSuccess($lan);
+		//	$sysuser->set('user_admin', 1)->save(); //"user","user_admin='1' WHERE user_id={$userid}"
+		//	$lan = str_replace(array('--UID--', '--NAME--', '--EMAIL--'), array($sysuser->getId(), $sysuser->getName(), $sysuser->getValue('email')), USRLAN_164);
+		//	e107::getLog()->add('USET_08', $lan, E_LOG_INFORMATIVE);
+		//	$mes->addSuccess($lan);
+			$mes->addWarning("You are about to make User #<b>".$sysuser->getId()."</b> : <b>".$sysuser->getName()."</b> (".$sysuser->getValue('email').") an <b>administrator</b>."); ///TODO LAN
+			$mes->addWarning("Set the permissions and click <b>Update</b> to proceed or <b>Back</b> to abort.");
 		}
 
-		if($this->getPosted('update_admin')) e107::getUserPerms()->updatePerms($userid, $_POST['perms']);
 	}
 
 	/**

diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php
@@ -1598,6 +1598,13 @@ function updatePerms($uid, $permArray)
 	 	}
 
 		//$sql->db_Update("user", "user_perms='{$perm}' WHERE user_id='{$modID}' ") 
+		if(!$sysuser->isAdmin())
+		{
+			$sysuser->set('user_admin', 1)->save();
+			$lan = str_replace(array('--UID--', '--NAME--', '--EMAIL--'), array($sysuser->getId(), $sysuser->getName(), $sysuser->getValue('email')), USRLAN_164);
+			e107::getLog()->add('USET_08', $lan, E_LOG_INFORMATIVE);
+		}
+
 		e107::getMessage()->addAuto($sysuser->set('user_perms', $perm)->save(), 'update', sprintf(LAN_UPDATED, $tp->toDB($_POST['ad_name'])), false, false);
 		$logMsg = str_replace(array('--ID--', '--NAME--'),array($modID, $a_name),ADMSLAN_72).$perm;
 		e107::getLog()->add('ADMIN_01',$logMsg,E_LOG_INFORMATIVE,'');