From ce4ef140ae80f1e6d329661a480d62ceaa617318 Mon Sep 17 00:00:00 2001
From: Leandro Lucarella <llucax@gmail.com>
Date: Fri, 20 May 2005 17:57:41 +0000
Subject: [PATCH] Bugfix del password cruzado.

---
 src/admin.admin.php    | 5 +++--
 src/admin.creditos.php | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/admin.admin.php b/src/admin.admin.php
index 5a91822..e88966d 100644
--- a/src/admin.admin.php
+++ b/src/admin.admin.php
@@ -19,9 +19,10 @@ require_once 'lib/admin.util.php';
 if (isset($_POST['admin_ceder']) and isset($_POST['admin_ceder_pass']))
 {
     if ($err = ret_check_asociado($_POST['admin_ceder'])
-            or $err = ret_check_password($u = new Usuario($_POST['admin_ceder']),
+            or $err = ret_check_password($_SESSION['user'],
                 $_POST['admin_ceder_pass'])
-            or $err = $_SESSION['user']->cederAdmin($u))
+            or $err = $_SESSION['user']->cederAdmin(
+                $u = new Usuario($_POST['admin_ceder'])))
     {
         marco_cabecera('Ceder Administración', true);
         error($err);
diff --git a/src/admin.creditos.php b/src/admin.creditos.php
index 270255f..4294ab4 100644
--- a/src/admin.creditos.php
+++ b/src/admin.creditos.php
@@ -22,9 +22,9 @@ if (isset($_POST['admin_cred']) and isset($_POST['admin_cred_user'])
 {
     if (check_numero($_POST['admin_cred'])
             and check_asociado($_POST['admin_cred_user'])
-            and check_password($u = new Usuario($_POST['admin_cred_user']),
-                $_POST['admin_cred_pass']))
+            and check_password($_SESSION['user'], $_POST['admin_cred_pass']))
     {
+        $u = new Usuario($_POST['admin_cred_user']);
         $u->addCreditos($_POST['admin_cred']);
         ok('Se agregaron '.$_POST['admin_cred'].' créditos al usuario '
             .$u->getNombre().' '.$u->getApellido());
-- 
2.43.0