header('Location: access_denied.php');
exit();
}
-
if ($request->isPost()) {
- $cl_id = $request->getParameter('swap_with');
+ $user_id = (int)$request->getParameter('swap_with');
+ $user_details = $user->getUserDetails($user_id);
+ if (!$user_details) {
+ header('Location: access_denied.php');
+ exit();
+ }
}
+// End of access checks.
$form = new Form('swapForm');
$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
if ($request->isPost()) {
if ($request->getParameter('btn_submit')) {
- if (ttTeamHelper::swapRolesWith($cl_id)) {
+ if (ttTeamHelper::swapRolesWith($user_id)) {
header('Location: users.php');
exit();
} else