From 51b5d26f09e8861c670e5721e291b2151a64afeb Mon Sep 17 00:00:00 2001
From: Foltik <jack@foltz.tech>
Date: Sun, 14 Aug 2016 19:42:31 -0400
Subject: [PATCH] Fix insufficient access level bug on invite page

---
 includes/core.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/includes/core.php b/includes/core.php
index 82a09ab..f40b455 100644
--- a/includes/core.php
+++ b/includes/core.php
@@ -48,19 +48,21 @@ function generate($level)
 {
     global $db;
     if (isset($_SESSION['id'])) {
-        if ($_SESSION['level'] < '3' && $level > $_SESSION['level'] && $level < '4') {
+        if ($_SESSION['level'] < '3') {
             if (empty($level)) {
                 include_once('./invite.php');
             } else {
-                $q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)");
-                $code = generateString(CODE_CHARSET, 16);
-                $q->bindParam(':code', $code);
-                $q->bindParam(':level', $level);
-                $q->bindParam(':issuer', $_SESSION['user']);
-                $q->execute();
-                echo '<p>Generation Successful.</p><br>
-                    <p>Code: '.$code.'</p><br>
-                    <p>Access Level: '.$level.'</p>';
+                if ($level > $_SESSION['level'] && $level < '4') {
+                    $q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)");
+                    $code = generateString(CODE_CHARSET, 16);
+                    $q->bindParam(':code', $code);
+                    $q->bindParam(':level', $level);
+                    $q->bindParam(':issuer', $_SESSION['user']);
+                    $q->execute();
+                    echo '<p>Generation Successful.</p><br>
+                        <p>Code: '.$code.'</p><br>
+                        <p>Access Level: '.$level.'</p>';
+                }
             }
         } else {
             echo 'Insufficient Access Level.';