diff --git a/accred_form.php b/accred_form.php
index 7c5b3d15..82d5cb86 100644
--- a/accred_form.php
+++ b/accred_form.php
@@ -8,11 +8,19 @@ require_once 'vendor/autoload.php';
 $aid = $_GET['aid'];
 $isAdmin = $_SESSION['admin']==1;
+ $isEditable = $_SESSION['allowedit']==1;
 if(!$userid) {
 syslog(LOG_ERR, "Unauthorized access to form page aid:$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
 header('Location: accred_list');
 die();
 }
+ if(!$isAdmin && $isEditable!=1) {
+ syslog(LOG_ERR, "Unauthorized access to form page aid by non editable user :$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
+ header('Location: accred_list');
+ die();
+ }
+
+ $uname = $_SESSION['name'];
 if($_POST['btncancel']) {
 header('Location: accred_list');
diff --git a/accred_list.php b/accred_list.php
index 5e135be8..35c87593 100644
--- a/accred_list.php
+++ b/accred_list.php
@@ -9,9 +9,9 @@
 // CSRF Counter-measure
 $token = md5(uniqid(rand(), TRUE));
 $_SESSION['state'] = $token;
- $userid = $_SESSION['uid'];
 $isAdmin = $_SESSION['admin']==1;
+ $isEditable = $_SESSION['allowedit']==1;
 // Bail out if not logged in
 if($userid=='') {
 header("location: index?");
@@ -240,13 +240,21 @@ if ($mysqli->connect_errno) {
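Review bot: The new guard `if(!$isAdmin && $isEditable!=1)` compares a bool against an int: `$isEditable` was defined two lines earlier as the result of `$_SESSION['allowedit']==1`, so `$isEditable!=1` only behaves because of loose comparison; `if(!$isAdmin && !$isEditable) {` says the same thing without relying on it. Reading `$_SESSION['allowedit']` when the key is absent emits a notice but evaluates to false, so the check fails closed; `$isEditable = ($_SESSION['allowedit'] ?? 0)==1;` keeps that default and avoids the notice. The added syslog line interpolates the raw `$aid` query parameter and the User-Agent header into the log record, as the existing line above already does; stripping control characters (newlines in particular) before logging would stop a crafted value from injecting extra log lines. Whether the same edit-permission check is enforced on the form's POST handler is not visible in this hunk.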
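Review bot: Removing `$userid = $_SESSION['uid'];` leaves the login check `if($userid=='')` three lines later depending on `$userid` being assigned somewhere before line 9, which the hunk does not show; if nothing else assigns it, `null == ''` holds and every request is redirected to index, and accred_form.php's `if(!$userid)` has the same dependency. If the assignment moved to a shared include as part of this commit, a comment such as `// $userid is set by the shared session include — TODO confirm` next to the check would make that explicit. The `$isEditable` flag added here is not used within the hunk; presumably the `@@ -240` hunk, which is cut off in this view, consumes it.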
>