foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2024-11-30 22:41:47 -05:00
Code Issues Releases Wiki Activity

Fix insufficient access level bug on invite page

Browse Source
This commit is contained in:
Foltik 2016-08-14 19:42:31 -04:00
parent 5845c6c427
commit 51b5d26f09
1 changed files with 12 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
includes/core.php
View File

@ -48,19 +48,21 @@ function generate($level)
{ {
global $db; global $db;
if (isset($_SESSION['id'])) { if (isset($_SESSION['id'])) {
if ($_SESSION['level'] < '3' && $level > $_SESSION['level'] && $level < '4') { if ($_SESSION['level'] < '3') {
if (empty($level)) { if (empty($level)) {
include_once('./invite.php'); include_once('./invite.php');
} else { } else {
$q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)"); if ($level > $_SESSION['level'] && $level < '4') {
$code = generateString(CODE_CHARSET, 16); $q = $db->prepare("INSERT INTO invites (code, level, issuer) VALUES (:code, :level, :issuer)");
$q->bindParam(':code', $code); $code = generateString(CODE_CHARSET, 16);
$q->bindParam(':level', $level); $q->bindParam(':code', $code);
$q->bindParam(':issuer', $_SESSION['user']); $q->bindParam(':level', $level);
$q->execute(); $q->bindParam(':issuer', $_SESSION['user']);
echo '<p>Generation Successful.</p><br> $q->execute();
<p>Code: '.$code.'</p><br> echo '<p>Generation Successful.</p><br>
<p>Access Level: '.$level.'</p>'; <p>Code: '.$code.'</p><br>
<p>Access Level: '.$level.'</p>';
}
} }
} else { } else {
echo 'Insufficient Access Level.'; echo 'Insufficient Access Level.';