From 66376f1c83351eab88218397c315df3988308042 Mon Sep 17 00:00:00 2001
From: Maxime Kohlhaas
Date: Thu, 31 Jan 2013 09:56:52 +0100
Subject: [PATCH] Bug # 701 : A user can only be set admin by an admin
---
 htdocs/user/fiche.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/htdocs/user/fiche.php b/htdocs/user/fiche.php
index e274c9bf1a0..92ebb740523 100644
--- a/htdocs/user/fiche.php
+++ b/htdocs/user/fiche.php
@@ -324,7 +324,9 @@ if ($action == 'update' && ! $_POST["cancel"])
 $object->firstname = GETPOST("prenom");
 $object->login = GETPOST("login");
 $object->pass = GETPOST("password");
- $object->admin = GETPOST("admin");
+ if($user->admin == 1) { // A user can only be set admin by an admin
+ $object->admin = GETPOST("admin");
+ }
 $object->office_phone=GETPOST("office_phone");
 $object->office_fax = GETPOST("office_fax");
 $object->user_mobile= GETPOST("user_mobile");
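Review bot: The new guard around `$object->admin = GETPOST("admin");` covers only this `update` branch, so any other path that assigns `admin` from the request (for example the user-creation action, which is not visible in this hunk) would still let a non-admin set the flag and should get the same check. Inside the guard the posted value is stored as received; normalising it, e.g. `$object->admin = GETPOST("admin") ? 1 : 0;`, keeps the field to the two values the `== 1` test expects. A non-admin request that carries `admin` is dropped silently; logging that case would make attempted privilege escalation visible to whoever reviews the logs. The enclosing `if ($action == 'update' ...)` block starts and ends outside the hunk.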