Fix a couple of access permission checks that were allowing unapproved

project members (but approved in other projects) to see things they
are not supposed to.

www/showproject.php3

@@ -43,13 +43,8 @@ if (mysql_num_rows($query_result) == 0) {
 #
 # Verify that this uid is a member of the project being displayed.
 #
-if (!$isadmin) {
-    $query_result = 
-        DBQueryFatal("SELECT trust FROM group_membership ".
-		     "WHERE uid='$uid' and pid='$pid' and gid='$pid'");
-    if (mysql_num_rows($query_result) == 0) {
-        USERERROR("You are not a member of Project $pid.", 1);
-    }
+if (! TBProjAccessCheck($uid, $pid, $pid, $TB_PROJECT_READINFO)) {
+    USERERROR("You are not a member of Project $pid.", 1);
 }
 
 SHOWPROJECT($pid, $uid);

www/showproject_list.php3

@@ -170,7 +170,7 @@ if (! $isadmin) {
 	DBQueryFatal("SELECT * FROM projects as p ".
 		     "left join group_membership as g on ".
 		     "     p.pid=g.pid and g.pid=g.gid ".
-		     "where g.uid='$uid'");
+		     "where g.uid='$uid' and g.trust!='none'");
 				   
     if (mysql_num_rows($query_result) == 0) {
 	USERERROR("You are not a member of any projects!", 1);