diff options
| author | Bruno Ribas <brunoribas@gmail.com> | 2020-11-05 17:31:43 +0000 |
|---|---|---|
| committer | Bruno Ribas <brunoribas@gmail.com> | 2020-11-05 17:31:43 +0000 |
| commit | 17da397161ebecbe943338df9cb39f84820e1278 (patch) | |
| tree | efc08454cd113383e07942c7aa94b337935971bd | |
| parent | 7e252ed1f45b2a89e200f7a5020adea5290ffae0 (diff) | |
| download | boca-17da397161ebecbe943338df9cb39f84820e1278.tar.gz boca-17da397161ebecbe943338df9cb39f84820e1278.zip | |
optionlower.php: Prevent teams to update their info
Merge from 2018
Signed-off-by: Bruno Ribas <brunoribas@gmail.com>
| -rw-r--r-- | src/optionlower.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/optionlower.php b/src/optionlower.php index 9be827b..574733d 100644 --- a/src/optionlower.php +++ b/src/optionlower.php @@ -29,6 +29,11 @@ $loc = $_SESSION['loc']; if (isset($_GET["username"]) && isset($_GET["userfullname"]) && isset($_GET["userdesc"]) && isset($_GET["passwordo"]) && isset($_GET["passwordn"])) { + if($_SESSION["usertable"]["usertype"] == 'team') { + MSGError('Updates are not allowed'); + ForceLoad("option.php"); + } + $username = myhtmlspecialchars($_GET["username"]); $userfullname = myhtmlspecialchars($_GET["userfullname"]); $userdesc = myhtmlspecialchars($_GET["userdesc"]); |