From: <dai...@us...> - 2012-12-15 04:56:08
Revision: 5761
http://sourceforge.net/p/web-erp/reponame/5761
Author: daintree
Date: 2012-12-15 04:56:05 +0000 (Sat, 15 Dec 2012)
Log Message:
-----------
Customer login error check that they do not update the URL GET orderno to view other people's orders
Modified Paths:
--------------
trunk/OrderDetails.php
Modified: trunk/OrderDetails.php
===================================================================
--- trunk/OrderDetails.php 2012-12-15 04:47:29 UTC (rev 5760)
+++ trunk/OrderDetails.php 2012-12-15 04:56:05 UTC (rev 5761)
@@ -59,6 +59,12 @@
$myrow = DB_fetch_array($GetOrdHdrResult);
$CurrDecimalPlaces = $myrow['decimalplaces'];
+ if ($CustomerLogin ==1 AND $myrow['debtorno']!= $_SESSION['CustomerID']) {
+ prnMsg (_('Your customer login will only allow you to view your own purchase orders'),'error');
+ include('includes/footer.inc');
+ exit;
+ }
+
echo '<table class="selection">
<tr>
<th colspan="4"><h3>'._('Order Header Details For Order No').' '.$_GET['OrderNumber'].'</h3></th>
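Review bot: The ownership test on the added `if` line compares `$myrow['debtorno']` with `$_SESSION['CustomerID']` using loose `!=`, and PHP compares two numeric-looking strings by value, so codes such as `0100` and `100` would be treated as the same customer and the check would pass. A strict string comparison closes that gap: `if ($CustomerLogin == 1 AND (string)$myrow['debtorno'] !== (string)$_SESSION['CustomerID']) {`. The heading in the context line below still echoes `$_GET['OrderNumber']` straight into the page; unless it is validated as an integer earlier in the file (not visible in this hunk), it should be output as `htmlspecialchars($_GET['OrderNumber'], ENT_QUOTES, 'UTF-8')`. The message text says "purchase orders" although this page shows sales order details, which may confuse the customer. The surrounding block starts and continues outside the hunk, so how `$CustomerLogin` is set and whether an empty result is handled before this check cannot be confirmed here.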