Diffstat (limited to 'app/class/controlleruser.php')
-rw-r--r-- | app/class/controlleruser.php | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 7863956..495fab5 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -58,15 +58,18 @@ class Controlleruser extends Controller
 case 'update':
 $user = $this->usermanager->get($_POST['id']);
- $user->hydrate($_POST);
- if(empty($user->id())) {
+ $userupdate = clone $user;
+ $userupdate->hydrate($_POST);
+ if(empty($userupdate->id())) {
 $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($user->password()) || $this->usermanager->passwordexist($user->password()))) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
 $this->routedirectget('user', ['error' => 'change_password']);
- } elseif (empty($user->level())) {
+ } elseif (empty($userupdate->level())) {
 $this->routedirectget('user', ['error' => 'wrong_level']);
+ } elseif ($user->level() === 10 && $userupdate->level() !== 10) {
+ $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
 } else {
- $this->usermanager->add($user);
+ $this->usermanager->add($userupdate);
 $this->routedirect('user');
 }
 }
|
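Review bot: The new guard `$user->level() === 10 && $userupdate->level() !== 10` tests only the target account's level, not whether the account being edited is the one in the current session, so despite the `cant_edit_yourself` error it blocks demotion of every level-10 user and says nothing about who is making the request. If the intent is self-protection, compare the edited id with the session user's id; if the intent is that admins can never be demoted here, rename the error and add a comment such as `// level-10 accounts cannot be demoted through this form`. The strict comparison also depends on `hydrate()` casting the POSTed level to int: if it does not, `!== 10` is true for an unchanged `'10'` and every edit of a level-10 account, including a password change, is refused, which is worth confirming in the setter. The hunk still lets `$_POST` raise any account to level 10, so the caller's authorisation has to be enforced before this `switch`, which starts outside the hunk.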