From 6e828f226979883213e3394a044b2d41130b368d Mon Sep 17 00:00:00 2001
From: Christian Beer <christian.beer@aei.mpg.de>
Date: Thu, 26 May 2016 13:19:54 +0200
Subject: [PATCH] Ops: hide sensitive data in read-only ops

---
 html/inc/db_ops.inc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/html/inc/db_ops.inc b/html/inc/db_ops.inc
index 4dfb3fb4d3..d1feaca99f 100644
--- a/html/inc/db_ops.inc
+++ b/html/inc/db_ops.inc
@@ -23,6 +23,7 @@ ini_set('display_errors', true);
 ini_set('display_startup_errors', true);
 
 require_once("../inc/util_basic.inc");
+require_once("../inc/util_ops.inc");
 require_once("../inc/result.inc");
 require_once("../inc/boinc_db.inc");
 
@@ -1188,7 +1189,9 @@ function show_user($user) {
     row("ID", $user->id);
     row("Created", time_str($user->create_time));
     row("Name", $user->name);
-    row("Authenticator", $user->authenticator);
+    if(!in_rops()) {
+        row("Authenticator", $user->authenticator);
+    }
     row("Email address", $user->email_addr);
     row("OK to send Email?", $user->send_email);
     row("Country", $user->country);
@@ -1199,7 +1202,9 @@ function show_user($user) {
     row("Default venue", $user->venue);
     row("Hosts", "<a href=\"db_action.php?table=host&userid=$user->id&detail=low\">click</a>");
     row("Cross project ID", $user->cross_project_id);
-    row("Password Hash", $user->passwd_hash);
+    if(!in_rops()) {
+        row("Password Hash", $user->passwd_hash);
+    }
     row("Donated", $user->donated);
     end_table();
 }