From 419da73bef1b44e4295cda780b3d992236f2036b Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Tue, 25 Dec 2012 19:27:04 +0100
Subject: right fix

---
 includes/pages/admin_user.php | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'includes')

diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index d9f5d749..9fc88e69 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -104,21 +104,26 @@ function admin_user() {
 
       if (isset ($_REQUEST['submit_user_angeltypes'])) {
         $selected_angel_types = array ();
-        foreach ($angel_types as $angel_type_id => $angel_type_name)
+        foreach ($angel_types as $angel_type_id => $angel_type_name) {
           if (isset ($_REQUEST['angel_types_' . $angel_type_id]))
-          $selected_angel_types[] = $angel_type_id;
+            $selected_angel_types[] = $angel_type_id;
+        }
 
         // Assign angel-types
-        foreach ($angel_types_source as $angel_type)
+        foreach ($angel_types_source as $angel_type) {
           if (!in_array($angel_type['id'], $selected_angel_types))
-          sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
+            sql_query("DELETE FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($angel_type['id']) . " LIMIT 1");
+        }
 
-        foreach ($selected_angel_types as $selected_angel_type_id)
-          if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0)
-          if (in_array("admin_user_angeltypes", $privileges))
-          sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
-        else
-          sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
+        foreach ($selected_angel_types as $selected_angel_type_id) {
+          if (sql_num_query("SELECT * FROM `UserAngelTypes` WHERE `user_id`=" . sql_escape($user_source['UID']) . " AND `angeltype_id`=" . sql_escape($selected_angel_type_id) . " LIMIT 1") == 0) {
+            if (in_array("admin_user_angeltypes", $privileges)) {
+              sql_query("INSERT INTO `UserAngelTypes` SET `confirm_user_id`=" . sql_escape($user['UID']) . ", `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
+            } else {
+              sql_query("INSERT INTO `UserAngelTypes` SET `user_id`=" . sql_escape($user_source['UID']) . ", `angeltype_id`=" . sql_escape($selected_angel_type_id));
+            }
+          }
+        }
 
         success("Angeltypes saved.");
         redirect(page_link_to('admin_user') . '&id=' . $user_source['UID']);
@@ -182,7 +187,7 @@ function admin_user() {
             list ($my_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($user['UID']) . " ORDER BY `group_id`");
             list ($his_highest_group) = sql_select("SELECT * FROM `UserGroups` WHERE `uid`=" . sql_escape($id) . " ORDER BY `group_id`");
 
-            if ($my_highest_group <= $his_highest_group) {
+            if ($my_highest_group['group_id'] <= $his_highest_group['group_id']) {
               $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = " . sql_escape($id) . ") WHERE `Groups`.`UID` >= " . sql_escape($my_highest_group['group_id']) . " ORDER BY `Groups`.`Name`");
               $grouplist = array ();
               foreach ($groups as $group)
-- 
cgit v1.2.3-54-g00ecf