global $user;
$mdb2 = getConnection();
- $sql = "select u.*, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id";
+ $sql = "select u.*, r.rank from tt_users u left join tt_roles r on (u.role_id = r.id) where u.id = $user_id and u.team_id = $user->team_id and u.status is not null";
$res = $mdb2->query($sql);
if (!is_a($res, 'PEAR_Error')) {
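Review bot: The new query line makes this helper the only place the team boundary is enforced (the callers drop their own `team_id` comparison in the same commit), yet `$user_id` and `$user->team_id` are still interpolated into `$sql` without any cast or quoting here; the delete and edit pages shown on this page cast with `(int)` before calling, but nothing in the helper itself guarantees that for other callers. A local `$user_id = (int) $user_id;` before building `$sql` keeps the helper safe regardless of who calls it, and the contract the callers now depend on is worth stating above the query: `// Only a user in the caller's team with a non-null status is returned; callers treat an empty result as access denied.` The enclosing function starts before and ends after this hunk.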
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.17.72.4170 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.17.72.4171 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
// Security checks.
if (!$user_details || // No details.
- $user_details['team_id'] <> $user->team_id || // User not in team.
$user_details['rank'] > $user->rank || // User has a bigger rank.
($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
) {
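Review bot: Removing `$user_details['team_id'] <> $user->team_id ||` leaves the team boundary enforced solely by the query inside ttUserHelper::getUserDetails, so a future change to that query, or a caller that obtains details another way, silently reopens cross-team access in this check; the same removal appears in the three identical checks further down this page. The comparison is one cheap line and is worth keeping as a second check, or at least the remaining condition should record the dependency: `// Team membership is enforced by getUserDetails, which returns nothing for other teams.` The `if` block continues past the end of this hunk.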
// Security checks.
if (!$user_details || // No details.
- $user_details['team_id'] <> $user->team_id || // User not in team.
$user_details['rank'] > $user->rank || // User has a bigger rank.
($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
) {
import('form.Form');
import('ttUserHelper');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
-
-// Get user id we are deleting from the request.
+// Get user id we are deleting.
// A cast to int is for safety against manipulation of request parameter (sql injection).
$user_id = (int) $request->getParameter('id');
// We need user name and login to display.
$user_details = ttUserHelper::getUserDetails($user_id);
-
-// Security checks.
if (!$user_details || // No details.
- $user_details['team_id'] <> $user->team_id || // User not in team.
$user_details['rank'] > $user->rank || // User has a bigger rank.
($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
$smarty->assign('user_to_delete', $user_details['name']." (".$user_details['login'].")");
import('form.TableColumn');
import('ttRoleHelper');
-// Access check.
+// Access checks.
if (!ttAccessAllowed('manage_users')) {
header('Location: access_denied.php');
exit();
}
-
// Get user id we are editing from the request.
$user_id = (int) $request->getParameter('id');
// Get user details.
$user_details = ttUserHelper::getUserDetails($user_id);
-
-// Security checks.
if (!$user_details || // No details.
- $user_details['team_id'] <> $user->team_id || // User not in team.
$user_details['rank'] > $user->rank || // User has a bigger rank.
($user_details['rank'] == $user->rank && $user_details['id'] <> $user->id) // Same rank but not us.
) {
header('Location: access_denied.php');
exit();
}
+// End of access checks.
if ($user->isPluginEnabled('cl'))
$clients = ttTeamHelper::getActiveClients($user->team_id);