leftypol
/
leftypol
4
5
Fork 2
Code Issues 55 Pull Requests 1 Projects Releases Wiki Activity
Browse Source

a few permissions-related bugs

pull/40/head
Michael Save 12 years ago
parent
8ea20109fe
commit
e132e4c2b3
2 changed files with 21 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      inc/mod/pages.php
  2. 15
      templates/mod/pm.html

12
inc/mod/pages.php
View File

@ -969,6 +969,11 @@ function mod_user($uid) {
}
function mod_user_new() {
global $pdo;
if (!hasPermission($config['mod']['createusers']))
error($config['error']['noaccess']);
if (isset($_POST['username'], $_POST['password'], $_POST['type'])) {
if ($_POST['username'] == '')
error(sprintf($config['error']['required'], 'username'));
@ -1001,6 +1006,10 @@ function mod_user_new() {
$query->bindValue(':boards', implode(',', $boards));
$query->execute() or error(db_error($query));
$uid = $pdo->lastInsertId();
modLog('Created a new user: ' . utf8tohtml($_POST['username']) . ' <small>(#' . $userID . ')</small>');
header('Location: ?/users', true, $config['redirect_http']);
return;
}
@ -1040,6 +1049,9 @@ function mod_user_promote($uid, $action) {
function mod_pm($id, $reply = false) {
global $mod, $config;
if ($reply && !hasPermission($config['mod']['create_pm']))
error($config['error']['noaccess']);
$query = prepare("SELECT `mods`.`username`, `mods_to`.`username` AS `to_username`, `pms`.* FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` LEFT JOIN `mods` AS `mods_to` ON `mods_to`.`id` = `to` WHERE `pms`.`id` = :id");
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));

15
templates/mod/pm.html
View File

@ -20,7 +20,8 @@
{% endif %}
<tr>
<th>{% trans 'Date' %}</th>
<td>{{ time|date(config.post_date) }}</td>
<td>{{ time|date(config.post_date) }} <small>({{ time|ago }} ago)</small></td>
</tr>
<tr>
<th>{% trans 'Message' %}</th>
@ -32,10 +33,12 @@
<li style="padding:5px 0">
<input type="submit" name="delete" value="{% trans 'Delete forever' %}">
</li>
<li style="padding:5px 0">
<a href="?/PM/{{ id }}/reply">
{% trans 'Reply with quote' %}
</a>
</li>
{% if mod|hasPermission(config.mod.create_pm) %}
<li style="padding:5px 0">
<a href="?/PM/{{ id }}/reply">
{% trans 'Reply with quote' %}
</a>
</li>
{% endif %}
</ul>
</form>

Write Preview
Loading…
Cancel
Save