X-Git-Url: https://git.llucax.com/z.facultad/75.43/tp1.git/blobdiff_plain/d3b7db85c60d658e7e7b00bb48d8d7a5f9ce833b..ac473b33edf95480fa85b5025447595ef9b555c2:/src/admin.creditos.php

diff --git a/src/admin.creditos.php b/src/admin.creditos.php
index 6b7fb75..c04af01 100644
--- a/src/admin.creditos.php
+++ b/src/admin.creditos.php
@@ -12,26 +12,19 @@ require_once 'lib/pagina.php';
 require_once 'lib/validacion.php';
 require_once 'lib/Usuario.php';
 require_once 'lib/admin.forms.php';
+require_once 'lib/admin.util.php';
 
 marco_cabecera('Asignación de créditos');
 
-// Solo para admins
-if (!$_SESSION['user']->esAdmin()) {
-    error('Acceso denegado!');
-    marco_pie('Leandro Lucarella', 'llucare@fi.uba.ar');
-    exit;
-}
-
 // Si llenó el formulario
 if (isset($_POST['admin_cred']) and isset($_POST['admin_cred_user'])
         and isset($_POST['admin_cred_pass']))
 {
     if (check_numero($_POST['admin_cred'])
             and check_asociado($_POST['admin_cred_user'])
-            and check_password($_SESSION['user']->getId(),
+            and check_password($u = new Usuario($_POST['admin_cred_user']),
                 $_POST['admin_cred_pass']))
     {
-        $u = new Usuario($_POST['admin_cred_user']);
         $u->addCreditos($_POST['admin_cred']);
         ok('Se agregaron '.$_POST['admin_cred'].' créditos al usuario '
             .$u->getNombre().' '.$u->getApellido());