From af925fb218e7a333759eb49c667bfb22eb71196d Mon Sep 17 00:00:00 2001
From: Cassio de Campos <cassiopc@gmail.com>
Date: Fri, 4 Aug 2017 14:20:51 +0100
Subject: bug fixes

---
 src/freport.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/freport.php')

diff --git a/src/freport.php b/src/freport.php
index 2cbef4c..cded59b 100644
--- a/src/freport.php
+++ b/src/freport.php
@@ -44,6 +44,8 @@ function DBRunReport($contest,$site) {
 	$n = DBnlines($r);
 	for ($i=0;$i<$n;$i++) {
 		$a = DBRow($r,$i);
+		//cassiopc: staff users should see only same site, so checking of teamYYYY and staffXXXX have YYYY=XXXX
+		if($_SESSION["usertable"]["usertype"] != "admin" && substr($a['name'],4,4) != substr($_SESSION["usertable"]["username"],5,4)) continue;
 		$xusername[$a['un']] = $a['name'];
 		$xuserfull[$a['name']] = $a['fullname'];
 	}
@@ -67,6 +69,8 @@ function DBRunReport($contest,$site) {
 
 	for ($i=0;$i<$n;$i++) {
 		$a = DBRow($r,$i);
+		//cassiopc: staff users should see only same site, so checking of teamYYYY and staffXXXX have YYYY=XXXX
+		if($_SESSION["usertable"]["usertype"] != "admin" && substr($a['user'],4,4) != substr($_SESSION["usertable"]["username"],5,4)) continue;
 		$xdados[$i] = $a;
 		// # of runs by team
 		if(isset($xuser[$a['user']]))
-- 
cgit v1.2.3