diff --git a/inc/config.php b/inc/config.php index abe8db62..c61fb5d0 100644 --- a/inc/config.php +++ b/inc/config.php @@ -366,6 +366,8 @@ $config['mod']['modlog'] = ADMIN; // Create a PM (viewing mod usernames) $config['mod']['create_pm'] = JANITOR; + // Read any PM, sent to or from anybody + $config['mod']['master_pm'] = ADMIN; // Rebuild everything $config['mod']['rebuild'] = ADMIN; // Search through posts diff --git a/mod.php b/mod.php index 15a602c2..06331a2a 100644 --- a/mod.php +++ b/mod.php @@ -314,9 +314,14 @@ } elseif(preg_match('/^\/PM\/(\d+)$/', $query, $match)) { $id = $match[1]; - $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); + if($mod['type'] >= $config['mod']['master_pm']) { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id"); + } else { + $query = prepare("SELECT `pms`.`id`, `time`, `sender`, `to`, `message`, `username` FROM `pms` LEFT JOIN `mods` ON `mods`.`id` = `sender` WHERE `pms`.`id` = :id AND `to` = :mod"); + $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); + } + $query->bindValue(':id', $id, PDO::PARAM_INT); - $query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); $query->execute() or error(db_error($query)); if(!$pm = $query->fetch()) { @@ -337,15 +342,32 @@ $query->bindValue(':id', $id, PDO::PARAM_INT); $query->execute() or error(db_error($query)); + if($pm['to'] != $mod['id']) { + $query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id"); + $query->bindValue(':id', $pm['to'], PDO::PARAM_INT); + $query->execute() or error(db_error($query)); + + if($_mod = $query->fetch()) { + $__to = $_mod['username']; + } else { + $__to = '??'; + } + } + modLog('Read a PM'); - $body = '