Bugfix del password cruzado.

diff --git a/src/admin.admin.php b/src/admin.admin.php
index 5a91822fdd7523ca739ab6af32e90c913b60d3b3..e88966d9d72cc5e281d6aeaf48ac0eac7c91f741 100644 (file)
--- a/src/admin.admin.php
+++ b/src/admin.admin.php
@@ -19,9 +19,10 @@ require_once 'lib/admin.util.php';
 if (isset($_POST['admin_ceder']) and isset($_POST['admin_ceder_pass']))
 {
     if ($err = ret_check_asociado($_POST['admin_ceder'])
-            or $err = ret_check_password($u = new Usuario($_POST['admin_ceder']),
+            or $err = ret_check_password($_SESSION['user'],
                 $_POST['admin_ceder_pass'])
-            or $err = $_SESSION['user']->cederAdmin($u))
+            or $err = $_SESSION['user']->cederAdmin(
+                $u = new Usuario($_POST['admin_ceder'])))
     {
         marco_cabecera('Ceder Administración', true);
         error($err);

diff --git a/src/admin.creditos.php b/src/admin.creditos.php
index 270255f14e8a803473d9b84129cbc46bbd59a78d..4294ab4ed2720887fd3bc1e85446fe2d916cbc54 100644 (file)
--- a/src/admin.creditos.php
+++ b/src/admin.creditos.php
@@ -22,9 +22,9 @@ if (isset($_POST['admin_cred']) and isset($_POST['admin_cred_user'])
 {
     if (check_numero($_POST['admin_cred'])
             and check_asociado($_POST['admin_cred_user'])
-            and check_password($u = new Usuario($_POST['admin_cred_user']),
-                $_POST['admin_cred_pass']))
+            and check_password($_SESSION['user'], $_POST['admin_cred_pass']))
     {
+        $u = new Usuario($_POST['admin_cred_user']);
         $u->addCreditos($_POST['admin_cred']);
         ok('Se agregaron '.$_POST['admin_cred'].' créditos al usuario '
             .$u->getNombre().' '.$u->getApellido());